| purl | pkg:composer/baserproject/basercms@4.3.3 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-1q79-sxzp-zker (aliases: CVE-2021-20682, GHSA-g39q-f4rm-85x4) | OS Command Injection baserCMS allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors. | Affected by 3 other vulnerabilities. |
| VCID-5ay3-1t5g-vycu (aliases: CVE-2021-41279, GHSA-4x2f-54wr-4hjg) | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') BaserCMS is an open source content management system with a focus on Japanese language support. Users with upload privilege may upload crafted zip files capable of path traversal on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. | Affected by 0 other vulnerabilities. |
| VCID-891u-x525-ykbb (aliases: CVE-2021-41243, GHSA-7rpc-9m88-cf9w) | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users with permissions to upload files may upload crafted zip files which may execute arbitrary commands on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible. | Affected by 0 other vulnerabilities. |
| VCID-d5gk-q2hh-kba5 (aliases: CVE-2020-15154, GHSA-cpxc-67rc-c775) | Cross-site Scripting baserCMS `content_info.php`, `content_options.php`, `content_related.php`, `index_list_tree.php`, `jquery.bcTree.js`. | Affected by 9 other vulnerabilities. |
| VCID-eq7f-n3g5-s3hu (aliases: CVE-2021-20681, GHSA-24p5-x9f9-vvpx) | Cross-site Scripting Improper neutralization of JavaScript input in the page editing function of baserCMS allows remote authenticated attackers to inject an arbitrary script via unspecified vectors. | Affected by 3 other vulnerabilities. |
| VCID-hpk4-a6tr-3ffe (aliases: CVE-2021-39136, GHSA-hgjr-632x-qpp3) | baserCMS is an open source content management system with a focus on Japanese language support. A Cross-site Scripting vulnerability has been identified. | Affected by 2 other vulnerabilities. |
| VCID-p6nr-eu91-53b4 (aliases: CVE-2020-15159, GHSA-673x-f5wx-fxpw) | Cross-site Scripting baserCMS is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The affected components are `ThemeFilesController.php` and `UploaderFilesController.php`. | Affected by 9 other vulnerabilities. |
| VCID-twf5-bzba-gqb4 (aliases: CVE-2020-15273, GHSA-wpww-4jf4-4hx8) | Cross-site Scripting baserCMS is vulnerable to Cross-Site Scripting. The issue affects the following components: Edit feed settings, Edit widget area, Sub site new registration, and New category registration. Arbitrary JavaScript may be executed by entering specific characters in the account that can access the file upload function category list, sub-site setting list, widget area edit, and feed list on the management screen. | Affected by 6 other vulnerabilities. |
| VCID-vqx2-hzju-r7et (aliases: CVE-2020-15155, GHSA-4r3m-j6x5-48m3) | Cross-site Scripting baserCMS is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected component is `toolbar.php`. | Affected by 9 other vulnerabilities. |
| VCID-wvnk-63hy-ykeq (aliases: CVE-2020-15276, GHSA-fw5q-j9p4-3vxg) | Cross-site Scripting baserCMS is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a specially crafted nickname in the blog comments. The issue affects the blog comment component. | Affected by 6 other vulnerabilities. |
| VCID-xpsb-2yux-g3cf (aliases: CVE-2021-20683, GHSA-v9w8-hq92-v39m) | Cross-site Scripting Improper neutralization of JavaScript input in the blog article editing function of baserCMS allows remote authenticated attackers to inject an arbitrary script via unspecified vectors. | Affected by 3 other vulnerabilities. |
| VCID-xxud-7jsh-bbc1 (aliases: CVE-2020-15277, GHSA-6fmv-q269-55cw) | Unrestricted Upload of File with Dangerous Type baserCMS Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The `Edit template` component was found to be vulnerable. | Affected by 6 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||