CVE-2022-42486 in baserCMS
Summary
by MITRE • 12/07/2022
Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 04/24/2025
The stored cross-site scripting vulnerability identified as CVE-2022-42486 affects baserCMS versions prior to 4.7.2 and represents a critical security flaw in the user group management functionality. This vulnerability resides within the administrative interface where user groups are managed, creating a persistent XSS attack vector that can be exploited by authenticated attackers possessing administrative privileges. The flaw allows an attacker to inject malicious scripts that will execute in the context of other users who view the affected user group information, potentially leading to unauthorized access, data exfiltration, or complete system compromise. The vulnerability is classified as a stored XSS due to the persistence of the malicious payload within the application's database rather than requiring immediate execution through a single request.
The technical implementation of this vulnerability stems from inadequate input validation and output sanitization within the user group management module of baserCMS. When administrators create or modify user groups, the application fails to properly sanitize user-supplied data before storing it in the database and subsequently rendering it to other users. This allows an attacker with administrative access to inject malicious JavaScript code through the user group management interface, which then gets executed whenever other users view the affected group information. The vulnerability specifically impacts the handling of user group names, descriptions, or other editable fields that are displayed in the administrative interface. According to CWE classification, this vulnerability maps to CWE-79 which represents Cross-site Scripting and specifically addresses the stored variant where malicious scripts are stored on the target server and executed when accessed by other users.
The operational impact of CVE-2022-42486 extends beyond simple script injection as it provides attackers with a persistent foothold within the application environment. Once exploited, the malicious scripts can access session cookies, perform actions on behalf of users, steal sensitive information, or redirect users to malicious sites. The administrative privilege requirement limits the initial attack surface but does not eliminate the severity, as compromising administrative accounts typically provides broad access to system resources and user data. Attackers can leverage this vulnerability to escalate privileges further or establish persistent access points within the organization's web infrastructure. The attack vector requires authentication but not necessarily elevated privileges beyond administrative access, making it particularly dangerous in environments where administrative accounts may be compromised through other means.
Organizations affected by this vulnerability should immediately implement mitigations including updating to baserCMS version 4.7.2 or later, which contains the necessary patches to address the XSS vulnerability. Additionally, administrators should conduct thorough security audits of user group configurations and monitor for suspicious activities in administrative accounts. The implementation of Content Security Policy headers can provide an additional layer of protection against XSS attacks by restricting script execution within the application. Network segmentation and privileged access controls should be enforced to limit the potential damage from compromised administrative accounts. Security monitoring should include detection of unusual administrative activities and changes to user group configurations that could indicate exploitation attempts. This vulnerability aligns with ATT&CK technique T1566 which covers spearphishing with a link and T1059 which encompasses command and scripting interpreter, as attackers can use the XSS payload to establish command execution capabilities or redirect users to malicious content. The vulnerability demonstrates the critical importance of input validation and output encoding in web applications, particularly within administrative interfaces where the potential for damage is significantly elevated due to the elevated privileges of the compromised accounts.