[Japanese] | |
JVNDB-2016-000173 | |
baserCMS plugin Mail vulnerable to cross-site scripting | |
Overview | |
baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Mail contain a stored cross-site scripting vulnerability. | |
CVSS Severity (What is CVSS?) | |
CVSS V3 Severity:
Base Metrics 5.4 (Medium) [IPA Score]
CVSS V2 Severity:
Base Metrics 4.0 (Medium) [IPA Score]
| |
Affected Products | |
| |
baserCMS Users Community | |
| |
Impact | |
A user in Administrative group may be tricked to insert an arbitrary script in an administration page. The stored script may be executed on the user's web browser when another user in Administrative group accesses the administration page. | |
Solution | |
[Update the Software] | |
Vendor Information | |
baserCMS Users Community | |
CWE (What is CWE?) | |
| |
CVE (What is CVE?) | |
| |
References | |
| |
Revision History | |
|
Date Public | 2016/09/29 |
Date First Published | 2016/09/29 |
Date Last Updated | 2017/11/27 |