CVE-2024-46996 MEDIUM

CVE-2024-46996: baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature

Vendor Baserproject

Product basercms

Weakness CWE-79 · XSS

Published October 24, 2024

Last update October 24, 2024

View on NVD All CVEs

CVSS base score

6.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Blog posts feature. Version 5.1.2 fixes this issue.

Key dates

02Disclosure timeline

October 24, 2024 CVE published

October 24, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-46996 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2016-20027 ZKTeco ZKBioSecurity 3.0 Multiple Reflected XSS Vulnerabilities CVE-2022-41679 Cross-site scripting in Forma LMS version CVE-2026-23695 Cockpit CMS 2.14.0 Stored XSS via Set Field Display Template CVE-2025-23905 WordPress Admin Options Pages plugin <= 0.9.7 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-49944 WordPress WPCode Content Ratio plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability