PT-2023-22083 · Basercms+2 · Basercms+2
Published 2023-10-26 · Updated 2023-11-07
CVE-2023-29009
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
baserCMS versions prior to 4.8.0
Description
The issue is an XSS vulnerability in the Favorites feature of baserCMS, a website development framework that runs on PHP 8 and CakePHP 4. This vulnerability allows malicious code to be executed via the Favorites feature on the server. The estimated number of potentially affected devices is not specified, but the vulnerability needs to be addressed wherever the management system is used by an unspecified number of users.
Recommendations
For versions prior to 4.8.0, update to version 4.8.0 or later to resolve the issue. As a temporary workaround, consider disabling the Favorites feature until the update can be applied, and restrict access to the Favorites feature to minimize the risk of exploitation.
XSS
Affected Products
Cakephp
Php
Basercms