{"id":"CVE-2018-18943","details":"An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the data[UploaderCategory][name] parameter to an admin/uploader/uploader_categories/edit URI.","aliases":["GHSA-fx2m-5m9v-jhgp"],"modified":"2026-05-18T12:10:38.205240Z","published":"2018-11-05T09:29:00.617Z","references":[{"type":"ADVISORY","url":"https://basercms.net/release/4_1_4"},{"type":"EVIDENCE","url":"http://sunu11.com/2018/10/31/baserCMS/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/baserproject/basercms","events":[{"introduced":"0"},{"fixed":"7d77f7d9b792871fc7b18d11b1e2a800118b79c7"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"4.1.4"}],"cpe":"cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*","source":"CPE_FIELD"}}],"versions":["4.1.3","4.1.1","4.1.0.1","4.1.0","4.0.7","4.0.6","4.0.0","3.0.7","3.0.0","3.0.1","3.0.2","3.0.4","3.0.5.1","3.0.3","4.0.0-beta","3.0.6","3.0.6-beta","3.0.5","2.1.2","2.1.0","2.0.3","2.0.2","2.0.1","2.0.0","2.0.0-beta"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-18943.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"}]}