| purl | pkg:composer/baserproject/basercms@4.1.1 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-1q79-sxzp-zker (Aliases: CVE-2021-20682, GHSA-g39q-f4rm-85x4) | OS Command Injection: baserCMS allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors. | Affected by 0 other vulnerabilities. |
| VCID-9mf7-56fh-fyfk (Aliases: CVE-2018-18943, GHSA-fx2m-5m9v-jhgp) | Cross-site Scripting: An issue was discovered in baserCMS. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the `data[UploaderCategory][name]` parameter to an `admin/uploader/uploader_categories/edit` URI. | Affected by 9 other vulnerabilities. |
| VCID-d5gk-q2hh-kba5 (Aliases: CVE-2020-15154, GHSA-cpxc-67rc-c775) | Cross-site Scripting: baserCMS `content_info.php`, `content_options.php`, `content_related.php`, `index_list_tree.php`, `jquery.bcTree.js`. | Affected by 6 other vulnerabilities. |
| VCID-eq7f-n3g5-s3hu (Aliases: CVE-2021-20681, GHSA-24p5-x9f9-vvpx) | Cross-site Scripting: Improper neutralization of JavaScript input in the page editing function of baserCMS allows remote authenticated attackers to inject an arbitrary script via unspecified vectors. | Affected by 0 other vulnerabilities. |
| VCID-gsg3-fdmu-vqag (Aliases: CVE-2018-18942, GHSA-rjc2-x53r-6c9r) | Improper Input Validation: baserCMS allows remote attackers to execute arbitrary PHP code via the `admin/theme_configs/form`. | Affected by 9 other vulnerabilities. |
| VCID-p6nr-eu91-53b4 (Aliases: CVE-2020-15159, GHSA-673x-f5wx-fxpw) | Cross-site Scripting: baserCMS is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The affected components are `ThemeFilesController.php` and `UploaderFilesController.php`. | Affected by 6 other vulnerabilities. |
| VCID-twf5-bzba-gqb4 (Aliases: CVE-2020-15273, GHSA-wpww-4jf4-4hx8) | Cross-site Scripting: baserCMS is vulnerable to Cross-Site Scripting. The issue affects the following components: Edit feed settings, Edit widget area, Sub site new registration, and New category registration. Arbitrary JavaScript may be executed by entering specific characters in the account that can access the file upload function category list, sub-site setting list, widget area edit, and feed list on the management screen. | Affected by 3 other vulnerabilities. |
| VCID-vqx2-hzju-r7et (Aliases: CVE-2020-15155, GHSA-4r3m-j6x5-48m3) | Cross-site Scripting: baserCMS is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected component is `toolbar.php`. | Affected by 6 other vulnerabilities. |
| VCID-wvnk-63hy-ykeq (Aliases: CVE-2020-15276, GHSA-fw5q-j9p4-3vxg) | Cross-site Scripting: baserCMS is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a specially crafted nickname in the blog comments. The issue affects the blog comment component. | Affected by 3 other vulnerabilities. |
| VCID-xpsb-2yux-g3cf (Aliases: CVE-2021-20683, GHSA-v9w8-hq92-v39m) | Cross-site Scripting: Improper neutralization of JavaScript input in the blog article editing function of baserCMS allows remote authenticated attackers to inject an arbitrary script via unspecified vectors. | Affected by 0 other vulnerabilities. |
| VCID-xxud-7jsh-bbc1 (Aliases: CVE-2020-15277, GHSA-6fmv-q269-55cw) | Unrestricted Upload of File with Dangerous Type: baserCMS Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The `Edit template` component was found to be vulnerable. | Affected by 3 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-2u6y-aj6t-7fb1 | Improper Privilege Management: baserCMS allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors. | CVE-2018-0573, GHSA-33fq-qm4m-cjw3 |
| VCID-6trr-5deb-yydm | Unrestricted Upload of File with Dangerous Type: baserCMS allows remote attackers with a site operator privilege to upload arbitrary files. | CVE-2018-0571, GHSA-3mcp-6rv6-c69g |
| VCID-e4xa-jm9u-nked | OS Command Injection: baserCMS allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors. | CVE-2018-0569, GHSA-6j3p-vrph-j7qq |
| VCID-ga9u-uv9b-tydr | Cross-site Scripting: Cross-site scripting vulnerability in baserCMS allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | CVE-2018-0570, GHSA-994g-74gq-5qpr |
| VCID-r4jc-22rq-d3cb | Information Exposure: baserCMS allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors. | CVE-2018-0575, GHSA-w935-p7mg-xc96 |
| VCID-yesf-qxgy-3ygx | Improper Access Control: baserCMS allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors. | CVE-2018-0572, GHSA-mjj9-33j8-pfwh |
| VCID-zy68-bur9-1fck | Cross-site Scripting: Cross-site scripting vulnerability in baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CVE-2018-0574, GHSA-6qjv-43mf-rgrh |