Information from baserCMS Users Community
Vulnerability ID: JVN#73283159
Title: Multiple vulnerabilities in baserCMS
Status: Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
baserCMS has multiple vulnerabilities including XSS.
### Target
baserCMS 5.0.8 and earlier versions
### Vulnerability
If these vulnerabilities are exploited, arbitrary scripts or OS commands may be executed.
1. XSS vulnerability in Site Search Feature (CVE-2023-44379)
2. XSS vulnerability in Content Management (CVE-2024-26128)
3. OS command injection vulnerability in Installer (CVE-2023-51450)

Item 1 needs to be addressed only if the management screen is used by an unspecified number of users.
Item 3 requires countermeasures when baserCMS installer files are uploaded to the server but not installed.
### Countermeasures
Update to the latest version of baserCMS.
Please refer to the following page for more information.
https://basercms.net/security/JVN_73283159
### Credits
- Kentaro Ishii@GMO Cybersecurity by Ierae, Inc.
- Shunsuke Tanizaki
- Yusuke Uchida@PERSOL CROSS TECHNOLOGY CO., LTD. (Not affiliated at the time of report submission)