CVE-2021-39136

EPSS 0.54%
Veröffentlicht 25.08.2021 18:15:07
Zuletzt bearbeitet 21.11.2024 06:18:39
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

baserCMS is an open source content management system with a focus on Japanese language support. In affected versions there is a cross-site scripting vulnerability in the file upload function of the management system of baserCMS. Users are advised to update as soon as possible. No workaround are available to mitigate this issue.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Basercms ≫ Basercms Version < 4.5.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.54%	0.667

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N
security-advisories@github.com	8.7	2.3	5.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://jvn.jp/en/jp/JVN14134801/index.html

Third Party Advisory

https://basercms.net/security/JVN_14134801

Vendor Advisory

https://github.com/baserproject/basercms/commit/568d4cab5ba1cdee7bbf0133c676d02a98f6d7bc

Patch

Third Party Advisory

https://github.com/baserproject/basercms/security/advisories/GHSA-hgjr-632x-qpp3

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-39136

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-39136

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-39136

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-39136