Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.

Affected Packages

Packagist baserproject/basercms

Affected versions: 0 (fixed in 4.7.2)

Related CVEs

CVE-2022-42486

Key Information

GHSA ID

GHSA-7w2v-35j3-xrm9

Published

December 7, 2022 6:30 AM

Last Modified

December 7, 2022 2:56 PM

CVSS Score

5.0 /10

Primary Ecosystem

Packagist

Primary Package

baserproject/basercms

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 15, 2025 6:32 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.