CVE-2024-26128

Description

baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the content management feature. Version 5.0.9 contains a fix for this vulnerability.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Affected products

baserproject / basercms< 5.0.9 – < 5.0.9

References

VENDOR_ADVISORYhttps://github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5
PATCHhttps://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c
MISChttps://basercms.net/security/JVN_73283159