CVE-2022-42486: baserCMS vulnerable to stored Cross-site Scripting

December 7, 2022 (updated December 12, 2022)

Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.

References

basercms.net/security/JVN_53682526
github.com/advisories/GHSA-7w2v-35j3-xrm9
jvn.jp/en/jp/JVN53682526/index.html
nvd.nist.gov/vuln/detail/CVE-2022-42486

Detect and mitigate CVE-2022-42486 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →