CVE-2021-39136

{"id": "CVE-2021-39136", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 2.3}]}, "published": "2021-08-25T18:15:07.177", "references": [{"url": "http://jvn.jp/en/jp/JVN14134801/index.html", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://basercms.net/security/JVN_14134801", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/baserproject/basercms/commit/568d4cab5ba1cdee7bbf0133c676d02a98f6d7bc", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-hgjr-632x-qpp3", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "baserCMS is an open source content management system with a focus on Japanese language support. In affected versions there is a cross-site scripting vulnerability in the file upload function of the management system of baserCMS. Users are advised to update as soon as possible. No workaround are available to mitigate this issue."}, {"lang": "es", "value": "baserCMS es un sistema de administraci\u00f3n de contenidos de c\u00f3digo abierto centrado en el soporte del idioma Japon\u00e9s. En las versiones afectadas se presenta una vulnerabilidad de tipo cross-site scripting en la funci\u00f3n file upload del sistema de administraci\u00f3n de baserCMS. Se recomienda a usuarios que actualicen lo antes posible. No se presentan soluciones disponibles para mitigar este problema."}], "lastModified": "2021-08-30T17:45:19.047", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7E59D36-01FB-4FA5-A518-9D586B5274C8", "versionEndExcluding": "4.5.1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}