CVE-2023-43649

Description

baserCMS is a website development framework. Prior to version 4.8.0, there is a cross site request forgery vulnerability in the content preview feature of baserCMS. Version 4.8.0 contains a patch for this issue.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Affected products

baserproject / basercms< 4.8.0 – < 4.8.0

References

VENDOR_ADVISORYhttps://github.com/baserproject/basercms/security/advisories/GHSA-fw9x-cqjq-7jx5
PATCHhttps://github.com/baserproject/basercms/commit/874c55433fead93e0be9df96fd28740f8047c8b6
MISChttps://basercms.net/security/JVN_99052047