PT-2024-32330 · Basercms · Basercms

Ayato-Shitomi

Published

2024-10-24

Updated

2024-10-28

CVE-2024-46998

CVSS v3.1

7.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Name of the Vulnerable Software and Affected Versions baserCMS versions prior to 5.1.2

Description The issue is a cross-site scripting vulnerability in the Edit Email Form Settings Feature of baserCMS, a website development framework. This vulnerability allows malicious code to be executed in the Edit Email Form Settings feature.

Recommendations For versions prior to 5.1.2, update to version 5.1.2 or later to fix the issue. As a temporary workaround, consider restricting access to the Edit Email Form Settings feature until a patch is available.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-46998

GHSA-P3M2-MJ3J-J49X

Affected Products

Basercms

PT-2024-32330 · Basercms · Basercms

CVE-2024-46998

Weakness Enumeration

Related Identifiers

Affected Products

References · 10