28 vulnerabilities found for baserCMS by baserCMS Users Community
jvndb-2024-000114
Vulnerability from jvndb
Published
2024-10-25 15:07
Modified
2025-02-18 15:35
Severity ?
Summary
Multiple vulnerabilities in baserCMS
Details
baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.
<ul>
<li>Stored cross-site scripting vulnerability due to inappropriate Slug handling on Article Edit (CWE-79) - CVE-2024-46996</li>
<li>Stored cross-site scripting vulnerability on Edit Email Form Settings (CWE-79) - CVE-2024-46998</li>
<li>Reflected cross-site scripting vulnerability due to inadequate error page generation process (CWE-81) - CVE-2024-46995</li>
<li>Stored cross-site scripting vulnerability due to inappropriate input data handling on Article Edit and Content List (CWE-79) - CVE-2024-46994</li>
</ul>
CVE-2024-46996
Ayato Shitomi of Fore-Z co.ltd and Rikuto Tauchi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2024-46998
Ayato Shitomi of Fore-Z co.ltd reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2024-46995
Yusuke Uchida of PERSOL CROSS TECHNOLOGY CO., LTD. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2024-46994
Kyohei Ota of LEON TECHNOLOGY,Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000114.html",
"dc:date": "2025-02-18T15:35+09:00",
"dcterms:issued": "2024-10-25T15:07+09:00",
"dcterms:modified": "2025-02-18T15:35+09:00",
"description": "baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.\u003cul\u003e\u003cli\u003eStored cross-site scripting vulnerability due to inappropriate Slug handling on Article Edit (CWE-79) - CVE-2024-46996\u003c/li\u003e\u003cli\u003eStored cross-site scripting vulnerability on Edit Email Form Settings (CWE-79) - CVE-2024-46998\u003c/li\u003e\u003cli\u003eReflected cross-site scripting vulnerability due to inadequate error page generation process (CWE-81) - CVE-2024-46995\u003c/li\u003e\u003cli\u003eStored cross-site scripting vulnerability due to inappropriate input data handling on Article Edit and Content List (CWE-79) - CVE-2024-46994\u003c/li\u003e\u003c/ul\u003eCVE-2024-46996\r\nAyato Shitomi of Fore-Z co.ltd and Rikuto Tauchi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-46998\r\nAyato Shitomi of Fore-Z co.ltd reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-46995\r\nYusuke Uchida of PERSOL CROSS TECHNOLOGY CO., LTD. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-46994\r\nKyohei Ota of LEON TECHNOLOGY,Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000114.html",
"sec:cpe": [
{
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
{
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000114",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN00876083/index.html",
"@id": "JVN#00876083",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-46996",
"@id": "CVE-2024-46996",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-46998",
"@id": "CVE-2024-46998",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-46995",
"@id": "CVE-2024-46995",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-46994",
"@id": "CVE-2024-46994",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in baserCMS"
}
jvndb-2024-000022
Vulnerability from jvndb
Published
2024-02-27 14:25
Modified
2024-02-27 14:25
Severity ?
Summary
Multiple vulnerabilities in baserCMS
Details
baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.
<ul>
<li>Reflected cross-site scripting vulnerability in Site search Feature (CWE-79) - CVE-2023-44379</li>
<li>Stored cross-site scripting vulnerability in Content Management (CWE-79) - CVE-2024-26128</li>
<li>OS command injection vulnerability (CWE-78) - CVE-2023-51450</li>
</ul>
CVE-2023-44379
Yusuke Uchida of PERSOL CROSS TECHNOLOGY CO., LTD. (Not affiliated at the time of report submission) reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2024-26128
Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-51450
Shunsuke Tanizaki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000022.html",
"dc:date": "2024-02-27T14:25+09:00",
"dcterms:issued": "2024-02-27T14:25+09:00",
"dcterms:modified": "2024-02-27T14:25+09:00",
"description": "baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.\r\n\r\n\u003cul\u003e\r\n\u003cli\u003eReflected cross-site scripting vulnerability in Site search Feature (CWE-79) - CVE-2023-44379\u003c/li\u003e\r\n\u003cli\u003eStored cross-site scripting vulnerability in Content Management (CWE-79) - CVE-2024-26128\u003c/li\u003e\r\n\u003cli\u003eOS command injection vulnerability (CWE-78) - CVE-2023-51450\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\r\nCVE-2023-44379\r\nYusuke Uchida of PERSOL CROSS TECHNOLOGY CO., LTD. (Not affiliated at the time of report submission) reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-26128\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2023-51450\r\nShunsuke Tanizaki reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000022.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "8.1",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2024-000022",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN73283159/index.html",
"@id": "JVN#73283159",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-44379",
"@id": "CVE-2023-44379",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-26128",
"@id": "CVE-2024-26128",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-51450",
"@id": "CVE-2023-51450",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in baserCMS"
}
jvndb-2023-000106
Vulnerability from jvndb
Published
2023-10-27 14:46
Modified
2024-05-07 15:59
Severity ?
Summary
Multiple vulnerabilities in baserCMS
Details
baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.
<ul>
<li>Stored cross-site scripting vulnerability (CWE-79) - CVE-2023-29009</li>
<li>Reflected cross-site scripting vulnerability (CWE-79) - CVE-2023-43647</li>
<li>Directory traversal vulnerability (CWE-22) - CVE-2023-43648</li>
<li>Cross-site request forgery vulnerability (CWE-352) - CVE-2023-43649</li>
<li>Arbitrary file upload vulnerability (CWE-434) - CVE-2023-43792</li>
</ul>
CVE-2023-29009
Kyohei Ota reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-43647, CVE-2023-43648, CVE-2023-43649, CVE-2023-43792
Shiga Takuma of BroadBand Security, Inc reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000106.html",
"dc:date": "2024-05-07T15:59+09:00",
"dcterms:issued": "2023-10-27T14:46+09:00",
"dcterms:modified": "2024-05-07T15:59+09:00",
"description": "baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.\u003cul\u003e\u003cli\u003eStored cross-site scripting vulnerability (CWE-79) - CVE-2023-29009\u003c/li\u003e\u003cli\u003eReflected cross-site scripting vulnerability (CWE-79) - CVE-2023-43647\u003c/li\u003e\u003cli\u003eDirectory traversal vulnerability (CWE-22) - CVE-2023-43648\u003c/li\u003e\u003cli\u003eCross-site request forgery vulnerability (CWE-352) - CVE-2023-43649\u003c/li\u003e\u003cli\u003eArbitrary file upload vulnerability (CWE-434) - CVE-2023-43792\u003c/li\u003e\u003c/ul\u003e\r\nCVE-2023-29009\r\nKyohei Ota reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2023-43647, CVE-2023-43648, CVE-2023-43649, CVE-2023-43792\r\nShiga Takuma of BroadBand Security, Inc reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000106.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "6.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000106",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN45547161/index.html",
"@id": "JVN#45547161",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-29009",
"@id": "CVE-2023-29009",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-43647",
"@id": "CVE-2023-43647",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-43648",
"@id": "CVE-2023-43648",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-43649",
"@id": "CVE-2023-43649",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-43792",
"@id": "CVE-2023-43792",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-29009",
"@id": "CVE-2023-29009",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-43647",
"@id": "CVE-2023-43647",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-43648",
"@id": "CVE-2023-43648",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-43649",
"@id": "CVE-2023-43649",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-43792",
"@id": "CVE-2023-43792",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in baserCMS"
}
jvndb-2023-000028
Vulnerability from jvndb
Published
2023-03-27 13:39
Modified
2024-06-06 17:31
Severity ?
Summary
baserCMS vulnerable to arbitrary file uploads
Details
baserCMS provided by baserCMS Users Community allows an authenticated user to upload arbitrary files (CWE-434).
Taisei Inoue of GMO Cybersecurity by Ierae, Inc. and Yusuke Akagi of Mitsui Bussan Secure Directions, Inc., Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000028.html",
"dc:date": "2024-06-06T17:31+09:00",
"dcterms:issued": "2023-03-27T13:39+09:00",
"dcterms:modified": "2024-06-06T17:31+09:00",
"description": "baserCMS provided by baserCMS Users Community allows an authenticated user to upload arbitrary files (CWE-434).\r\n\r\nTaisei Inoue of GMO Cybersecurity by Ierae, Inc. and Yusuke Akagi of Mitsui Bussan Secure Directions, Inc., Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000028.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000028",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN61105618/index.html",
"@id": "JVN#61105618",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-25655",
"@id": "CVE-2023-25655",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-25655",
"@id": "CVE-2023-25655",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "baserCMS vulnerable to arbitrary file uploads"
}
jvndb-2022-000094
Vulnerability from jvndb
Published
2022-11-25 13:42
Modified
2024-05-31 18:17
Severity ?
Summary
Multiple cross-site scripting vulnerabilities in baserCMS
Details
baserCMS provided by baserCMS Users Community contains multiple cross-site scripting vulnerabilities listed below.
* Stored cross-site scripting vulnerability in User management (CWE-79) - CVE-2022-39325
* Stored cross-site scripting vulnerability in Permission Settings (CWE-79) - CVE-2022-41994
* Stored cross-site scripting vulnerability in User group management (CWE-79) - CVE-2022-42486
CVE-2022-39325
YUYA KOTAKE of CARTA HOLDINGS, INC. and Shogo Iyota of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2022-41994, CVE-2022-42486
Shogo Iyota of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000094.html",
"dc:date": "2024-05-31T18:17+09:00",
"dcterms:issued": "2022-11-25T13:42+09:00",
"dcterms:modified": "2024-05-31T18:17+09:00",
"description": "baserCMS provided by baserCMS Users Community contains multiple cross-site scripting vulnerabilities listed below.\r\n\r\n * Stored cross-site scripting vulnerability in User management (CWE-79) - CVE-2022-39325\r\n * Stored cross-site scripting vulnerability in Permission Settings (CWE-79) - CVE-2022-41994\r\n * Stored cross-site scripting vulnerability in User group management (CWE-79) - CVE-2022-42486\r\n\r\nCVE-2022-39325\r\nYUYA KOTAKE of CARTA HOLDINGS, INC. and Shogo Iyota of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2022-41994, CVE-2022-42486\r\nShogo Iyota of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000094.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000094",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN53682526/index.html",
"@id": "JVN#53682526",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-39325",
"@id": "CVE-2022-39325",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-41994",
"@id": "CVE-2022-41994",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-42486",
"@id": "CVE-2022-42486",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-39325",
"@id": "CVE-2022-39325",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-41994",
"@id": "CVE-2022-41994",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-42486",
"@id": "CVE-2022-42486",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple cross-site scripting vulnerabilities in baserCMS"
}
jvndb-2021-000106
Vulnerability from jvndb
Published
2021-11-26 14:59
Modified
2021-11-26 14:59
Severity ?
Summary
Multiple vulnerabilities in baserCMS
Details
baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.
* OS command injection (CWE-78) - CVE-2021-41243
* Arbitrary code upload vulnerability in Database restore (CWE-434) - CVE-2021-41279
CVE-2021-41243
Akagi Yusuke of NTT-ME CORPORATION reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2021-41279
Daniele Scanu of SoterITSecurity reported this vulnerability to baserCMS Users Community and baserCMS Users Community reported it to JPCERT/CC to notify users of the solution through JVN.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000106.html",
"dc:date": "2021-11-26T14:59+09:00",
"dcterms:issued": "2021-11-26T14:59+09:00",
"dcterms:modified": "2021-11-26T14:59+09:00",
"description": "baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.\r\n\r\n* OS command injection (CWE-78) - CVE-2021-41243\r\n* Arbitrary code upload vulnerability in Database restore (CWE-434) - CVE-2021-41279\r\n\r\nCVE-2021-41243\r\nAkagi Yusuke of NTT-ME CORPORATION reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-41279\r\nDaniele Scanu of SoterITSecurity reported this vulnerability to baserCMS Users Community and baserCMS Users Community reported it to JPCERT/CC to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000106.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "9.0",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000106",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN81376414/index.html",
"@id": "JVN#81376414",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41243",
"@id": "CVE-2021-41243",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41279",
"@id": "CVE-2021-41279",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-41243",
"@id": "CVE-2021-41243",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-41279",
"@id": "CVE-2021-41279",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in baserCMS"
}
jvndb-2021-000080
Vulnerability from jvndb
Published
2021-08-27 13:29
Modified
2021-08-27 13:29
Severity ?
Summary
baserCMS vulnerable to cross-site scripting
Details
baserCMS provided by baserCMS Users Community contains a cross-site scripting vulnerability (CWE-79).
Akagi Yusuke of NTT-ME CORPORATION reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000080.html",
"dc:date": "2021-08-27T13:29+09:00",
"dcterms:issued": "2021-08-27T13:29+09:00",
"dcterms:modified": "2021-08-27T13:29+09:00",
"description": "baserCMS provided by baserCMS Users Community contains a cross-site scripting vulnerability (CWE-79).\r\n\r\nAkagi Yusuke of NTT-ME CORPORATION reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000080.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000080",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN14134801/index.html",
"@id": "JVN#14134801",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39136",
"@id": "CVE-2021-39136",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-39136",
"@id": "CVE-2021-39136",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "baserCMS vulnerable to cross-site scripting"
}
jvndb-2021-000027
Vulnerability from jvndb
Published
2021-03-26 14:25
Modified
2021-03-26 14:25
Severity ?
Summary
Multiple vulnerabilities in baserCMS
Details
baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.
* Improper Neutralization of JavaScript input in the page editing function (CWE-79) - CVE-2021-20681
* OS command injection (CWE-78) - CVE-2021-20682
* Improper Neutralization of JavaScript input in the blog article editing function (CWE-79) - CVE-2021-20683
CVE-2021-20681, CVE-2021-20682
Sho Odagiri of Information Science College reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2021-20683
Yamaguchi Kakeru reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000027.html",
"dc:date": "2021-03-26T14:25+09:00",
"dcterms:issued": "2021-03-26T14:25+09:00",
"dcterms:modified": "2021-03-26T14:25+09:00",
"description": "baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.\r\n\r\n*Improper Neutralization of JavaScript input in the page editing function (CWE-79) - CVE-2021-20681\r\n*OS command injection (CWE-78) - CVE-2021-20682\r\n*Improper Neutralization of JavaScript input in the blog article editing function (CWE-79) - CVE-2021-20683\r\n\r\nCVE-2021-20681, CVE-2021-20682\r\nSho Odagiri of Information Science College reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20683\r\nYamaguchi Kakeru reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000027.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000027",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN64869876/index.html",
"@id": "JVN#64869876",
"@source": "JVN"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20681",
"@id": "CVE-2021-20681",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20682",
"@id": "CVE-2021-20682",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20683",
"@id": "CVE-2021-20683",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20681",
"@id": "CVE-2021-20681",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20682",
"@id": "CVE-2021-20682",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20683",
"@id": "CVE-2021-20683",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in baserCMS"
}
jvndb-2018-000055
Vulnerability from jvndb
Published
2018-05-22 14:53
Modified
2019-12-27 18:10
Severity ?
Summary
Multiple vulnerabilities in baserCMS
Details
baserCMS provided by baserCMS Users Community is an open source content management system. baserCMS contains multiple vulnerabilities listed below.
* Command injection (CWE-94) - CVE-2018-0569
* Cross-site scripting (CWE-79) - CVE-2018-0570
* Unrestricted Upload of File with Dangerous Type in upload file management function (CWE-434) - CVE-2018-0571
* Failure to restrict access permissions in contents management function (CWE-264) - CVE-2018-0572
* Failure to restrict access permissions for content whose public period has expired (CWE-264) - CVE-2018-0573
* Cross-site scripting in theme management function (CWE-79) - CVE-2018-0574
* Failure to restrict access permissions in the function to attach files in mail form (CWE-264) - CVE-2018-0575
The following researchers reported the respective vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2018-0569, CVE-2018-0570, CVE-2018-0571, CVE-2018-0572, and CVE-2018-0573
Toshitsugu Yoneyama and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc.
CVE-2018-0574 and CVE-2018-0575
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000055.html",
"dc:date": "2019-12-27T18:10+09:00",
"dcterms:issued": "2018-05-22T14:53+09:00",
"dcterms:modified": "2019-12-27T18:10+09:00",
"description": "baserCMS provided by baserCMS Users Community is an opensource content management system. baserCMS contains multiple vulnerabilities listed below. \r\n\r\n*Command injection (CWE-94) - CVE-2018-0569 \r\n*Cross-site scripting (CWE-79) - CVE-2018-0570 \r\n*Unrestricted Upload of File with Dangerous Type in upload file management function (CWE-434) - CVE-2018-0571 \r\n*Restrict access permissions failure in contents management function (CWE-264) - CVE-2018-0572 \r\n*Restrict access permissions failture for a content with a period being public is expired (CWE-264) - CVE-2018-0573 \r\n*Cross-site scripting in theme management function (CWE-79) - CVE-2018-0574 \r\n*Restrict access permissions failure in the function to attach files in mail form (CWE-264) - CVE-2018-0575 \r\n\r\nFollowing researchers reported respective vulnerabilities to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning partnership.\r\n\r\n CVE-2018-0569, CVE-2018-0570, CVE-2018-0571, CVE-2018-0572, and CVE-2018-0573\r\n Toshitsugu Yoneyama and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc.\r\n\r\n CVE-2018-0574 and CVE-2018-0575\r\n Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000055.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "6.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000055",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN67881316/index.html",
"@id": "JVN#67881316",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0569",
"@id": "CVE-2018-0569",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0570",
"@id": "CVE-2018-0570",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0571",
"@id": "CVE-2018-0571",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0572",
"@id": "CVE-2018-0572",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0573",
"@id": "CVE-2018-0573",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0574",
"@id": "CVE-2018-0574",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0575",
"@id": "CVE-2018-0575",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0569",
"@id": "CVE-2018-0569",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0570",
"@id": "CVE-2018-0570",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0571",
"@id": "CVE-2018-0571",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0572",
"@id": "CVE-2018-0572",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0573",
"@id": "CVE-2018-0573",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0574",
"@id": "CVE-2018-0574",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0575",
"@id": "CVE-2018-0575",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-94",
"@title": "Code Injection(CWE-94)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in baserCMS"
}
jvndb-2017-000203
Vulnerability from jvndb
Published
2017-08-25 14:50
Modified
2018-02-28 11:45
Severity ?
Summary
Multiple vulnerabilities in baserCMS
Details
baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.
* SQL injection (CWE-89) - CVE-2017-10842
* Arbitrary files may be deleted - CVE-2017-10843
* Arbitrary PHP code execution - CVE-2017-10844
Shoji Baba reported the vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000203.html",
"dc:date": "2018-02-28T11:45+09:00",
"dcterms:issued": "2017-08-25T14:50+09:00",
"dcterms:modified": "2018-02-28T11:45+09:00",
"description": "baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. \r\n\r\n * SQL injection (CWE-89) - CVE-2017-10842\r\n * Arbitary files may be deleted - CVE-2017-10843\r\n * Arbitary PHP code execution - CVE-2017-10844\r\n\r\nShoji Baba reported the vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000203.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.3",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000203",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN78151490/index.html",
"@id": "JVN#78151490",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10842",
"@id": "CVE-2017-10842",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10843",
"@id": "CVE-2017-10843",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10844",
"@id": "CVE-2017-10844",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10842",
"@id": "CVE-2017-10842",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10843",
"@id": "CVE-2017-10843",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10844",
"@id": "CVE-2017-10844",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-94",
"@title": "Code Injection(CWE-94)"
}
],
"title": "Multiple vulnerabilities in baserCMS"
}
jvndb-2016-000178
Vulnerability from jvndb
Published
2016-09-29 16:04
Modified
2017-11-27 16:37
Severity ?
Summary
baserCMS vulnerable to cross-site request forgery
Details
baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS contains a cross-site request forgery vulnerability.
Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000178.html",
"dc:date": "2017-11-27T16:37+09:00",
"dcterms:issued": "2016-09-29T16:04+09:00",
"dcterms:modified": "2017-11-27T16:37+09:00",
"description": "baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS contains a cross-site request forgery vulnerability.\r\n\r\nMasamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000178.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000178",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN92765814/index.html",
"@id": "JVN#92765814",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4882",
"@id": "CVE-2016-4882",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4882",
"@id": "CVE-2016-4882",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "baserCMS vulnerable to cross-site request forgery"
}
jvndb-2016-000177
Vulnerability from jvndb
Published
2016-09-29 16:04
Modified
2017-11-27 16:37
Severity ?
Summary
baserCMS vulnerable to cross-site request forgery
Details
baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS contains a cross-site request forgery vulnerability.
Norihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000177.html",
"dc:date": "2017-11-27T16:37+09:00",
"dcterms:issued": "2016-09-29T16:04+09:00",
"dcterms:modified": "2017-11-27T16:37+09:00",
"description": "baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS contains a cross-site request forgery vulnerability.\r\n\r\nNorihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000177.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000177",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN92765814/index.html",
"@id": "JVN#92765814",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4878",
"@id": "CVE-2016-4878",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4878",
"@id": "CVE-2016-4878",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "baserCMS vulnerable to cross-site request forgery"
}
jvndb-2016-000172
Vulnerability from jvndb
Published
2016-09-29 16:04
Modified
2017-11-27 16:36
Severity ?
Summary
baserCMS vulnerable to cross-site request forgery
Details
baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS contains a cross-site request forgery vulnerability.
Shoji Baba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000172.html",
"dc:date": "2017-11-27T16:36+09:00",
"dcterms:issued": "2016-09-29T16:04+09:00",
"dcterms:modified": "2017-11-27T16:36+09:00",
"description": "baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS contains a cross-site request forgery vulnerability.\r\n\r\nShoji Baba reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000172.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000172",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN92765814/index.html",
"@id": "JVN#92765814",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4876",
"@id": "CVE-2016-4876",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4876",
"@id": "CVE-2016-4876",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "baserCMS vulnerable to cross-site request forgery"
}
jvndb-2016-000181
Vulnerability from jvndb
Published
2016-09-29 16:04
Modified
2017-11-27 16:37
Severity ?
Summary
baserCMS plugin Feed vulnerable to cross-site request forgery
Details
baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Feed contain a cross-site request forgery vulnerability.
Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000181.html",
"dc:date": "2017-11-27T16:37+09:00",
"dcterms:issued": "2016-09-29T16:04+09:00",
"dcterms:modified": "2017-11-27T16:37+09:00",
"description": "baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Feed contain a cross-site request forgery vulnerability.\r\n\r\nMasamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000181.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000181",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN92765814/index.html",
"@id": "JVN#92765814",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4885",
"@id": "CVE-2016-4885",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4885",
"@id": "CVE-2016-4885",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "baserCMS plugin Feed vulnerable to cross-site request forgery"
}
jvndb-2016-000175
Vulnerability from jvndb
Published
2016-09-29 16:04
Modified
2017-11-27 16:37
Severity ?
Summary
baserCMS plugin Blog vulnerable to cross-site scripting
Details
baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Blog contain a stored cross-site scripting vulnerability.
Isao Takaesu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000175.html",
"dc:date": "2017-11-27T16:37+09:00",
"dcterms:issued": "2016-09-29T16:04+09:00",
"dcterms:modified": "2017-11-27T16:37+09:00",
"description": "baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Blog contain a stored cross-site scripting vulnerability.\r\n\r\nIsao Takaesu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000175.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000175",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN92765814/index.html",
"@id": "JVN#92765814",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4880",
"@id": "CVE-2016-4880",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4880",
"@id": "CVE-2016-4880",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "baserCMS plugin Blog vulnerable to cross-site scripting"
}
jvndb-2016-000174
Vulnerability from jvndb
Published
2016-09-29 16:04
Modified
2017-11-27 16:37
Severity ?
Summary
baserCMS plugin Mail vulnerable to cross-site request forgery
Details
baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Mail contain a cross-site request forgery vulnerability.
Isao Takaesu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000174.html",
"dc:date": "2017-11-27T16:37+09:00",
"dcterms:issued": "2016-09-29T16:04+09:00",
"dcterms:modified": "2017-11-27T16:37+09:00",
"description": "baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Mail contain a cross-site request forgery vulnerability.\r\n\r\nIsao Takaesu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000174.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000174",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN92765814/index.html",
"@id": "JVN#92765814",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4879",
"@id": "CVE-2016-4879",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4879",
"@id": "CVE-2016-4879",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "baserCMS plugin Mail vulnerable to cross-site request forgery"
}
jvndb-2016-000183
Vulnerability from jvndb
Published
2016-09-29 16:04
Modified
2017-11-27 16:37
Severity ?
Summary
baserCMS plugin Uploader vulnerable to cross-site request forgery
Details
baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Uploader contain a cross-site request forgery vulnerability.
Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000183.html",
"dc:date": "2017-11-27T16:37+09:00",
"dcterms:issued": "2016-09-29T16:04+09:00",
"dcterms:modified": "2017-11-27T16:37+09:00",
"description": "baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Uploader contain a cross-site request forgery vulnerability.\r\n\r\nMasamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000183.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000183",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN92765814/index.html",
"@id": "JVN#92765814",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4887",
"@id": "CVE-2016-4887",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4887",
"@id": "CVE-2016-4887",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "baserCMS plugin Uploader vulnerable to cross-site request forgery"
}
jvndb-2016-000173
Vulnerability from jvndb
Published
2016-09-29 16:04
Modified
2017-11-27 16:37
Severity ?
Summary
baserCMS plugin Mail vulnerable to cross-site scripting
Details
baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Mail contain a stored cross-site scripting vulnerability.
Isao Takaesu of Mitsui Bussan Secure Directions, Inc. and Norihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000173.html",
"dc:date": "2017-11-27T16:37+09:00",
"dcterms:issued": "2016-09-29T16:04+09:00",
"dcterms:modified": "2017-11-27T16:37+09:00",
"description": "baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Mail contain a stored cross-site scripting vulnerability.\r\n\r\nIsao Takaesu of Mitsui Bussan Secure Directions, Inc. and Norihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000173.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000173",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN92765814/index.html",
"@id": "JVN#92765814",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4877",
"@id": "CVE-2016-4877",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4877",
"@id": "CVE-2016-4877",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "baserCMS plugin Mail vulnerable to cross-site scripting"
}
jvndb-2016-000182
Vulnerability from jvndb
Published
2016-09-29 16:04
Modified
2017-11-27 16:37
Severity ?
Summary
baserCMS plugin Mail vulnerable to cross-site request forgery
Details
baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Mail contain a cross-site request forgery vulnerability.
Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000182.html",
"dc:date": "2017-11-27T16:37+09:00",
"dcterms:issued": "2016-09-29T16:04+09:00",
"dcterms:modified": "2017-11-27T16:37+09:00",
"description": "baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Mail contain a cross-site request forgery vulnerability.\r\n\r\nMasamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000182.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000182",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN92765814/index.html",
"@id": "JVN#92765814",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4886",
"@id": "CVE-2016-4886",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4886",
"@id": "CVE-2016-4886",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "baserCMS plugin Mail vulnerable to cross-site request forgery"
}
jvndb-2016-000176
Vulnerability from jvndb
Published
2016-09-29 16:04
Modified
2017-11-27 16:37
Severity ?
Summary
baserCMS plugin Blog vulnerable to cross-site request forgery
Details
baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Blog contain a cross-site request forgery vulnerability.
Isao Takaesu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000176.html",
"dc:date": "2017-11-27T16:37+09:00",
"dcterms:issued": "2016-09-29T16:04+09:00",
"dcterms:modified": "2017-11-27T16:37+09:00",
"description": "baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Blog contain a cross-site request forgery vulnerability.\r\n\r\nIsao Takaesu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000176.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000176",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN92765814/index.html",
"@id": "JVN#92765814",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4881",
"@id": "CVE-2016-4881",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4881",
"@id": "CVE-2016-4881",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "baserCMS plugin Blog vulnerable to cross-site request forgery"
}
jvndb-2016-000179
Vulnerability from jvndb
Published
2016-09-29 16:04
Modified
2017-11-27 16:37
Severity ?
Summary
baserCMS vulnerable to cross-site scripting
Details
baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS contains a stored cross-site scripting vulnerability.
Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000179.html",
"dc:date": "2017-11-27T16:37+09:00",
"dcterms:issued": "2016-09-29T16:04+09:00",
"dcterms:modified": "2017-11-27T16:37+09:00",
"description": "baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS contains a stored cross-site scripting vulnerability.\r\n\r\nMasamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000179.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000179",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN92765814/index.html",
"@id": "JVN#92765814",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4883",
"@id": "CVE-2016-4883",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4883",
"@id": "CVE-2016-4883",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "baserCMS vulnerable to cross-site scripting"
}
jvndb-2016-000180
Vulnerability from jvndb
Published
2016-09-29 16:04
Modified
2017-11-27 16:37
Severity ?
Summary
baserCMS plugin Blog vulnerable to cross-site request forgery
Details
baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Blog contain a cross-site request forgery vulnerability.
Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000180.html",
"dc:date": "2017-11-27T16:37+09:00",
"dcterms:issued": "2016-09-29T16:04+09:00",
"dcterms:modified": "2017-11-27T16:37+09:00",
"description": "baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Blog contain a cross-site request forgery vulnerability.\r\n\r\nMasamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000180.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000180",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN92765814/index.html",
"@id": "JVN#92765814",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4884",
"@id": "CVE-2016-4884",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4884",
"@id": "CVE-2016-4884",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "baserCMS plugin Blog vulnerable to cross-site request forgery"
}
jvndb-2016-000030
Vulnerability from jvndb
Published
2016-02-19 14:39
Modified
2016-03-07 15:51
Summary
baserCMS vulnerable to OS command injection
Details
baserCMS is an open-source Contents Management System (CMS). baserCMS contains an OS command injection vulnerability (CWE-78).
Shoji Baba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000030.html",
"dc:date": "2016-03-07T15:51+09:00",
"dcterms:issued": "2016-02-19T14:39+09:00",
"dcterms:modified": "2016-03-07T15:51+09:00",
"description": "baserCMS is an open-source Contents Management System (CMS). baserCMS contains an OS command injection vulnerability (CWE-78).\r\n\r\nShoji Baba reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000030.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "6.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000030",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN69854312/index.html",
"@id": "JVN#69854312",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7769",
"@id": "CVE-2015-7769",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7769",
"@id": "CVE-2015-7769",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "baserCMS vulnerable to OS command injection"
}
jvndb-2015-000139
Vulnerability from jvndb
Published
2015-09-30 14:46
Modified
2015-10-07 17:38
Summary
baserCMS vulnerable to SQL injection
Details
baserCMS contains an SQL injection vulnerability.
baserCMS is an open-source Contents Management System (CMS). baserCMS contains a vulnerability that allows an authenticated user to inject arbitrary SQL statements (CWE-89).
Shoji Baba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000139.html",
"dc:date": "2015-10-07T17:38+09:00",
"dcterms:issued": "2015-09-30T14:46+09:00",
"dcterms:modified": "2015-10-07T17:38+09:00",
"description": "baserCMS contains an SQL injection vulnerability.\r\nbaserCMS is an open-source Contents Management System (CMS). baserCMS contains a vulnerability that allows an authenticated user to inject arbitrary SQL statements (CWE-89).\r\n\r\nShoji Baba reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000139.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000139",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN79633796/index.html",
"@id": "JVN#79633796",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5641",
"@id": "CVE-2015-5641",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5641",
"@id": "CVE-2015-5641",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
}
],
"title": "baserCMS vulnerable to SQL injection"
}
jvndb-2015-000138
Vulnerability from jvndb
Published
2015-09-30 14:46
Modified
2015-10-07 17:38
Summary
baserCMS fails to restrict access permissions
Details
baserCMS is an open-source Contents Management System (CMS). baserCMS contains a vulnerability where user settings may be changed when processing a specially crafted request sent by an attacker logged into the system.
Shoji Baba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000138.html",
"dc:date": "2015-10-07T17:38+09:00",
"dcterms:issued": "2015-09-30T14:46+09:00",
"dcterms:modified": "2015-10-07T17:38+09:00",
"description": "baserCMS is an open-source Contents Management System (CMS). baserCMS contains a vulnerability where user settings may be changed when processing specially crafted request sent by an attacker logged into the system.\r\n\r\nShoji Baba reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000138.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000138",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN04855224/index.html",
"@id": "JVN#04855224",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5640",
"@id": "CVE-2015-5640",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5640",
"@id": "CVE-2015-5640",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "baserCMS fails to restrict access permissions"
}
jvndb-2012-000043
Vulnerability from jvndb
Published
2012-05-15 16:56
Modified
2012-05-15 16:56
Summary
baserCMS vulnerable to session management
Details
baserCMS contains a vulnerability in session management.
baserCMS is an open-source Contents Management System (CMS). baserCMS contains a vulnerability in session management.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000043.html",
"dc:date": "2012-05-15T16:56+09:00",
"dcterms:issued": "2012-05-15T16:56+09:00",
"dcterms:modified": "2012-05-15T16:56+09:00",
"description": "baserCMS contains a vulnerability in session management.\r\n\r\nbaserCMS is an open-source Contents Management System (CMS). baserCMS contains a vulnerability in session management.",
"link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000043.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2012-000043",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN53465692/index.html",
"@id": "JVN#53465692",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1248",
"@id": "CVE-2012-1248",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1248",
"@id": "CVE-2012-1248",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "baserCMS vulnerable to session management"
}
jvndb-2011-000066
Vulnerability from jvndb
Published
2011-09-30 18:45
Modified
2011-09-30 18:45
Summary
BaserCMS vulnerable to access restriction
Details
BaserCMS contains a vulnerability in access restriction.
BaserCMS is an open-source Contents Management System (CMS). BaserCMS contains an access restriction vulnerability that arises when a user is added to the user group "operators", which is created by default when BaserCMS is installed.
Masako Ohno reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000066.html",
"dc:date": "2011-09-30T18:45+09:00",
"dcterms:issued": "2011-09-30T18:45+09:00",
"dcterms:modified": "2011-09-30T18:45+09:00",
"description": "BaserCMS contains a vulnerability in access restriction.\r\n\r\nBaserCMS is an open-source Contents Management System (CMS). BaserCMS contains a vulnerability in access restriction where adding a user in the user group \"operators\" which is created by default when BaserCMS is installed.\r\n\r\nMasako Ohno reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000066.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.9",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000066",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN16617002/index.html",
"@id": "JVN#16617002",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2674",
"@id": "CVE-2011-2674",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2674",
"@id": "CVE-2011-2674",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "BaserCMS vulnerable to access restriction"
}
jvndb-2011-000065
Vulnerability from jvndb
Published
2011-09-30 18:39
Modified
2011-09-30 18:39
Summary
BaserCMS vulnerable to cross-site scripting
Details
BaserCMS contains a cross-site scripting vulnerability.
BaserCMS is an open-source Contents Management System (CMS). BaserCMS contains a cross-site scripting vulnerability.
Masako Ohno reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000065.html",
"dc:date": "2011-09-30T18:39+09:00",
"dcterms:issued": "2011-09-30T18:39+09:00",
"dcterms:modified": "2011-09-30T18:39+09:00",
"description": "BaserCMS contains a cross-site scripting vulnerability.\r\n\r\nBaserCMS is an open-source Contents Management System (CMS). BaserCMS contains a cross-site scripting vulnerability.\r\n\r\nMasako Ohno reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000065.html",
"sec:cpe": {
"#text": "cpe:/a:basercms:basercms",
"@product": "baserCMS",
"@vendor": "baserCMS Users Community",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000065",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN09789751/index.html",
"@id": "JVN#09789751",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2673",
"@id": "CVE-2011-2673",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2673",
"@id": "CVE-2011-2673",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "BaserCMS vulnerable to cross-site scripting"
}