CVE-2022-39325

2022-11-2520:15:10

CWE-79

GitHub_M

web.nvd.nist.gov

basercms

cross-site scripting

vulnerability

management system

upgrade

nvd

cve-2022-39325

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

30.8%

JSON

BaserCMS is a content management system with a japanese language focus. In affected versions there is a cross-site scripting vulnerability on the management system of baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. Users of baserCMS are advised to upgrade as soon as possible. There are no known workarounds for this vulnerability.

Affected configurations

Nvd

Vulners

Node

basercmsbasercmsRange<4.7.2

VendorProductVersionCPE
basercmsbasercms*cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
basercms	basercms	*	cpe:2.3:a:basercms:basercms::::::::

CNA Affected

[
  {
    "vendor": "baserproject",
    "product": "basercms",
    "versions": [
      {
        "version": "< 4.7.2",
        "status": "affected"
      }
    ]
  }
]