Vulnerability Details : CVE-2021-39136
baserCMS is an open source content management system with a focus on Japanese language support. In affected versions there is a cross-site scripting vulnerability in the file upload function of the management system of baserCMS. Users are advised to update as soon as possible. No workarounds are available to mitigate this issue.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2021-39136
- cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-39136
- 0.08%: Probability of exploitation activity in the next 30 days
- ~ 32%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-39136
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N | 6.8 | 2.9 | NIST | |
5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 | NIST | |
8.7 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N | 2.3 | 5.8 | GitHub, Inc. | |
CWE ids for CVE-2021-39136
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: security-advisories@github.com (Primary)
References for CVE-2021-39136
- http://jvn.jp/en/jp/JVN14134801/index.html
  JVN#14134801: baserCMS vulnerable to cross-site scripting (Third Party Advisory)
- https://github.com/baserproject/basercms/commit/568d4cab5ba1cdee7bbf0133c676d02a98f6d7bc
  Merge pull request from GHSA-hgjr-632x-qpp3 · baserproject/basercms@568d4ca · GitHub (Patch; Third Party Advisory)
- https://github.com/baserproject/basercms/security/advisories/GHSA-hgjr-632x-qpp3
  Cross-site scripting vulnerability in file upload · Advisory · baserproject/basercms · GitHub (Third Party Advisory)
- https://basercms.net/security/JVN_14134801
  Vendor Advisory