CVE-2021-39136
Last modified
CVE-2021-39136 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. baserCMS is an open source content management system with a focus on Japanese language support. In affected versions there is a cross-site scripting vulnerability in the file upload function of the management system of baserCMS. EPSS estimates a 0.93% chance of exploitation in the next 30 days.
Description
baserCMS is an open source content management system with a focus on Japanese language support. In affected versions there is a cross-site scripting vulnerability in the file upload function of the management system of baserCMS. Users are advised to update as soon as possible. No workaround are available to mitigate this issue.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Basercms | Basercms | < 4.5.1 |
References
- http://jvn.jp/en/jp/JVN14134801/index.htmlThird Party Advisory
- https://basercms.net/security/JVN_14134801Vendor Advisory
- https://github.com/baserproject/basercms/commit/568d4cab5ba1cdee7bbf0133c676d02a98f6d7bcPatch, Third Party Advisory
- https://github.com/baserproject/basercms/security/advisories/GHSA-hgjr-632x-qpp3Third Party Advisory
- http://jvn.jp/en/jp/JVN14134801/index.htmlThird Party Advisory
- https://basercms.net/security/JVN_14134801Vendor Advisory
- https://github.com/baserproject/basercms/commit/568d4cab5ba1cdee7bbf0133c676d02a98f6d7bcPatch, Third Party Advisory
- https://github.com/baserproject/basercms/security/advisories/GHSA-hgjr-632x-qpp3Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-39136?
How severe is CVE-2021-39136?
How do I fix CVE-2021-39136?
Are you affected by CVE-2021-39136?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST