CVE-2022-41994: baserCMS vulnerable to stored Cross-site Scripting

December 7, 2022 (updated December 12, 2022)

Stored cross-site scripting vulnerability in Permission Settings of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.

References

basercms.net/security/JVN_53682526
github.com/advisories/GHSA-vxwf-79ch-f7f7
jvn.jp/en/jp/JVN53682526/index.html
nvd.nist.gov/vuln/detail/CVE-2022-41994

Code Behaviors & Features

Detect and mitigate CVE-2022-41994 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →