Yama

**Name of the Vulnerable Software and Affected Versions** baserCMS versions 4.0.0 through 4.4.0 **Description** The issue affects the blog comment component, allowing arbitrary JavaScript execution by entering a crafted nickname in blog comments. This can lead to Cross-Site Scripting (XSS) via arbitrary script execution. The components affected are blog comment posting. **Recommendations** For versions 4.0.0 through 4.4.0, update to version 4.4.1 to resolve the issue. As a temporary workaround, consider restricting the use of the blog comment component until the update is applied.