CVE-2023-43647

Description

baserCMS is a website development framework. Prior to version 4.8.0, there is a cross-site scripting vulnerability in the file upload feature of baserCMS. Version 4.8.0 contains a patch for this issue.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Affected products

baserproject / basercms< 4.8.0 – < 4.8.0

References

VENDOR_ADVISORYhttps://github.com/baserproject/basercms/security/advisories/GHSA-ggj4-78rm-6xgv
PATCHhttps://github.com/baserproject/basercms/commit/eb5977533d05db4f3bb03bd19630b66052799b2e
MISChttps://basercms.net/security/JVN_24381990