CVE-2022-39325 - OpenCVE

BaserCMS is a content management system with a japanese language focus. In affected versions there is a cross-site scripting vulnerability on the management system of baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. Users of baserCMS are advised to upgrade as soon as possible. There are no known workarounds for this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Basercms	Basercms

Configuration 1 [-]

cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://basercms.net/security/JVN_53682526
https://github.com/baserproject/basercms/commit/b6f8a54e90dee51317eddf517b776fe8b4cd3ef6
https://github.com/baserproject/basercms/security/advisories/GHSA-395x-wv32-44v5

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-11-25T00:00:00

Updated: 2024-08-03T12:00:44.080Z

Reserved: 2022-09-02T00:00:00

Link: CVE-2022-39325

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-11-25T20:15:10.680

Modified: 2022-12-01T17:34:46.237

Link: CVE-2022-39325

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-39325", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "dateUpdated": "2024-08-03T12:00:44.080Z", "dateReserved": "2022-09-02T00:00:00", "datePublished": "2022-11-25T00:00:00"}, "containers": {"cna": {"title": "Cross-site scripting vulnerability in BaserCMS", "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-11-25T00:00:00"}, "descriptions": [{"lang": "en", "value": "BaserCMS is a content management system with a japanese language focus. In affected versions there is a cross-site scripting vulnerability on the management system of baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. Users of baserCMS are advised to upgrade as soon as possible. There are no known workarounds for this vulnerability."}], "affected": [{"vendor": "baserproject", "product": "basercms", "versions": [{"version": "< 4.7.2", "status": "affected"}]}], "references": [{"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-395x-wv32-44v5"}, {"url": "https://github.com/baserproject/basercms/commit/b6f8a54e90dee51317eddf517b776fe8b4cd3ef6"}, {"url": "https://basercms.net/security/JVN_53682526"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79"}]}], "source": {"advisory": "GHSA-395x-wv32-44v5", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:00:44.080Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-395x-wv32-44v5", "tags": ["x_transferred"]}, {"url": "https://github.com/baserproject/basercms/commit/b6f8a54e90dee51317eddf517b776fe8b4cd3ef6", "tags": ["x_transferred"]}, {"url": "https://basercms.net/security/JVN_53682526", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*", "matchCriteriaId": "33AE97E7-E19D-4943-AEAD-132E859E9A4D", "versionEndExcluding": "4.7.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "BaserCMS is a content management system with a japanese language focus. In affected versions there is a cross-site scripting vulnerability on the management system of baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. Users of baserCMS are advised to upgrade as soon as possible. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "BaserCMS es un sistema de gesti\u00f3n de contenidos centrado en el idioma japon\u00e9s. En las versiones afectadas existe una vulnerabilidad de Cross-Site Scripting (XSS) en el sistema de gesti\u00f3n de baserCMS. Esta es una vulnerabilidad que debe abordarse cuando el sistema de gesti\u00f3n es utilizado por un n\u00famero no especificado de usuarios. Se recomienda a los usuarios de baserCMS que actualicen lo antes posible. No se conocen workarounds para esta vulnerabilidad."}], "id": "CVE-2022-39325", "lastModified": "2022-12-01T17:34:46.237", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-11-25T20:15:10.680", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://basercms.net/security/JVN_53682526"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/baserproject/basercms/commit/b6f8a54e90dee51317eddf517b776fe8b4cd3ef6"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-395x-wv32-44v5"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Primary"}]}