CVE-2023-29009 MEDIUM

CVE-2023-29009: basercms XSS Vulnerability via Favorites Feature

Vendor Baserproject

Product basercms

Weakness CWE-79 · XSS

Published October 27, 2023

Last update September 9, 2024

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is a XSS Vulnerability in Favorites Feature to baserCMS. This issue has been patched in version 4.8.0.

Key dates

02Disclosure timeline

October 27, 2023 CVE published

September 9, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-29009 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-0871 Maybecms Add Article index.php cross site scripting CVE-2024-9272 R Animated Icon Plugin <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload CVE-2025-30610 WordPress WP Social Widget plugin <= 2.2.7 - Cross Site Scripting (XSS) Vulnerability CVE-2021-36833 WordPress MC4WP plugin <= 4.8.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability CVE-2024-56366 PhpSpreadsheet vulnerable to unauthorized reflected XSS in the Accounting.php file