PT-2024-32326 · Basercms · Basercms

Kyohei Ota

Published

2024-10-24

Updated

2024-10-28

CVE-2024-46994

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions baserCMS versions prior to 5.1.2

Description The issue is a cross-site scripting vulnerability in the Blog posts and Contents list Feature of baserCMS, a website development framework. This vulnerability allows malicious code to be executed in the Blog posts and Contents list feature.

Recommendations For versions prior to 5.1.2, update to version 5.1.2 or later to fix the issue. As a temporary workaround, consider restricting access to the Blog posts and Contents list Feature until the update is applied.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-46994

GHSA-WRJC-FMFQ-W3JR

Affected Products

Basercms

PT-2024-32326 · Basercms · Basercms

CVE-2024-46994

Weakness Enumeration

Related Identifiers

Affected Products

References · 9