cvedb.io
CVE-2018-18943
MEDIUM · CVSS 4.8
EPSS exploitation probability: 0%
Published 2018-11-05T09:29:00.617 · Last modified 2026-06-17T01:48:10.063

Summary

An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the data[UploaderCategory][name] parameter to an admin/uploader/uploader_categories/edit URI.

Affected products

basercms — basercms

Does this affect you?

Add your gear to cvedb and we'll alert you only when basercms ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.