Filtered by vendor Basercms Subscriptions
Filtered by product Basercms Subscriptions
Total 56 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-4881 1 Basercms 1 Basercms 2024-11-21 N/A
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2016-4880 1 Basercms 1 Basercms 2024-11-21 N/A
Cross-site scripting vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-4879 1 Basercms 2 Basercms, Mail 2024-11-21 8.8 High
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2016-4878 1 Basercms 1 Basercms 2024-11-21 N/A
Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2016-4877 1 Basercms 2 Basercms, Mail 2024-11-21 5.4 Medium
Cross-site scripting vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-4876 1 Basercms 1 Basercms 2024-11-21 N/A
Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators to execute arbitrary PHP code via unspecified vectors.
CVE-2015-7769 1 Basercms 1 Basercms 2024-11-21 N/A
baserCMS 3.0.2 through 3.0.8 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.
CVE-2015-5641 1 Basercms 1 Basercms 2024-11-21 N/A
SQL injection vulnerability in baserCMS before 3.0.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-5640 1 Basercms 1 Basercms 2024-11-21 N/A
baserCMS before 3.0.8 allows remote authenticated users to modify arbitrary user settings via a crafted request.
CVE-2012-1248 1 Basercms 1 Basercms 2024-11-21 N/A
app/config/core.php in baserCMS 1.6.15 and earlier does not properly handle installations in shared-hosting environments, which allows remote attackers to hijack sessions by leveraging administrative access to a different domain.
CVE-2011-2674 1 Basercms 1 Basercms 2024-11-21 N/A
BaserCMS before 1.6.12 does not properly restrict additions to the membership of the operators group, which allows remote authenticated users to gain privileges via unspecified vectors.
CVE-2011-2673 1 Basercms 1 Basercms 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in BaserCMS before 1.6.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2024-46995 1 Basercms 1 Basercms 2024-10-28 6.1 Medium
baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in HTTP 400 Bad Request. Version 5.1.2 fixes this issue.
CVE-2024-46998 1 Basercms 1 Basercms 2024-10-28 7.1 High
baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Edit Email Form Settings Feature. Version 5.1.2 fixes the issue.
CVE-2024-46996 1 Basercms 1 Basercms 2024-10-28 6.3 Medium
baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Blog posts feature. Version 5.1.2 fixes this issue.
CVE-2024-46994 1 Basercms 1 Basercms 2024-10-28 5.4 Medium
baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in Blog posts and Contents list Feature. Version 5.1.2 fixes this issue.