Search for packages
| purl | pkg:composer/baserproject/basercms@4.1.3 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1q79-sxzp-zker
Aliases: CVE-2021-20682 GHSA-g39q-f4rm-85x4 |
OS Command Injection baserCMS allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors. |
Affected by 0 other vulnerabilities. |
|
VCID-9mf7-56fh-fyfk
Aliases: CVE-2018-18943 GHSA-fx2m-5m9v-jhgp |
Cross-site Scripting An issue was discovered in baserCMS In the Register New Category feature of the Upload menu, the category name can be used for XSS via the `data[UploaderCategory][name]` parameter to an `admin/uploader/uploader_categories/edit` URI. |
Affected by 9 other vulnerabilities. |
|
VCID-d5gk-q2hh-kba5
Aliases: CVE-2020-15154 GHSA-cpxc-67rc-c775 |
Cross-site Scripting baserCMS `content_info.php`, `content_options.php`, `content_related.php`, `index_list_tree.php`, `jquery.bcTree.js`. |
Affected by 6 other vulnerabilities. |
|
VCID-eq7f-n3g5-s3hu
Aliases: CVE-2021-20681 GHSA-24p5-x9f9-vvpx |
Cross-site Scripting Improper neutralization of JavaScript input in the page editing function of baserCMS allows remote authenticated attackers to inject an arbitrary script via unspecified vectors. |
Affected by 0 other vulnerabilities. |
|
VCID-gsg3-fdmu-vqag
Aliases: CVE-2018-18942 GHSA-rjc2-x53r-6c9r |
Improper Input Validation baserCMS allows remote attackers to execute arbitrary PHP code via the `admin/theme_configs/form`. |
Affected by 9 other vulnerabilities. |
|
VCID-p6nr-eu91-53b4
Aliases: CVE-2020-15159 GHSA-673x-f5wx-fxpw |
Cross-site Scripting baserCMS is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The affected components are `ThemeFilesController.php` and `UploaderFilesController.php`. |
Affected by 6 other vulnerabilities. |
|
VCID-twf5-bzba-gqb4
Aliases: CVE-2020-15273 GHSA-wpww-4jf4-4hx8 |
Cross-site Scripting baserCMS is vulnerable to Cross-Site Scripting. The issue affects the following components; Edit feed settings, Edit widget area, Sub site new registration, and New category registration. Arbitrary JavaScript may be executed by entering specific characters in the account that can access the file upload function category list, sub-site setting list, widget area edit, and feed list on the management screen. |
Affected by 3 other vulnerabilities. |
|
VCID-vqx2-hzju-r7et
Aliases: CVE-2020-15155 GHSA-4r3m-j6x5-48m3 |
Cross-site Scripting baserCMS is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components is `toolbar.php`. |
Affected by 6 other vulnerabilities. |
|
VCID-wvnk-63hy-ykeq
Aliases: CVE-2020-15276 GHSA-fw5q-j9p4-3vxg |
Cross-site Scripting baserCMS is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a specially crafted nickname in the blog comments. The issue affects the blog comment component. |
Affected by 3 other vulnerabilities. |
|
VCID-xpsb-2yux-g3cf
Aliases: CVE-2021-20683 GHSA-v9w8-hq92-v39m |
Cross-site Scripting Improper neutralization of JavaScript input in the blog article editing function of baserCMS allows remote authenticated attackers to inject an arbitrary script via unspecified vectors. |
Affected by 0 other vulnerabilities. |
|
VCID-xxud-7jsh-bbc1
Aliases: CVE-2020-15277 GHSA-6fmv-q269-55cw |
Unrestricted Upload of File with Dangerous Type baserCMS Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The `Edit template` component was found to be vulnerable. |
Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||