Yusuke Akagi

**Name of the Vulnerable Software and Affected Versions** baserCMS versions prior to 4.7.5 **Description** The issue allows any file to be uploaded on the management system of baserCMS. This poses a risk, especially when the management system is used by multiple users. The vulnerability enables malicious files to be uploaded in the Upload File Management. **Recommendations** Update to version 4.7.5 or later to address the issue. As a temporary workaround, consider restricting access to the Upload File Management feature until the update is applied.

**Name of the Vulnerable Software and Affected Versions** baserCMS versions 4.5.1 and earlier **Description** The issue is a cross-site scripting vulnerability in the file upload function of the management system of baserCMS, which is an open source content management system with a focus on Japanese language support. This vulnerability may allow the execution of malicious JavaScript code, potentially altering the display of the page or leaking cookie information. Users are advised to update as soon as possible. **Recommendations** For baserCMS versions 4.5.1 and earlier, update to the latest version of baserCMS as soon as possible to resolve the issue. As a temporary workaround, consider restricting access to the file upload function in the management system until the update is applied.