Information from baserCMS Users Community
Vulnerability ID: JVN#00876083
Title: Multiple vulnerabilities in baserCMS
Status: Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
baserCMS has multiple vulnerabilities including XSS.
### Target
baserCMS 5.1.2 and earlier versions
baserCMS 4.8.1 and earlier versions
### Vulnerability
If these vulnerabilities are exploited, arbitrary scripts or OS commands may be executed.
1. XSS vulnerability in Article Edit (CVE-2023-46996)
2. XSS vulnerability in Edit Email Form Settings (CVE-2024-46998)
3. XSS vulnerability in Error Page(CVE-2023-46995)
4. XSS vulnerability in Article Edit and Content List (CVE-2023-46994)
Items 1, 2 and 4 need to be addressed only if the management screen is used by an unspecified number of users.
### Countermeasures
Update to the latest version of baserCMS.
Please refer to the following page for more information.
https://basercms.net/security/JVN_00876083
### Credits
- Ayato Shitomi@Fore-Z
- Kyohei Ota@LEON TECHNOLOGY,Inc.
- Rikuto Tauchi
- Yusuke Uchida