CVE-2022-42486: 
PHP vulnerability analysis and mitigation

A stored cross-site scripting (XSS) vulnerability was discovered in baserCMS versions prior to 4.7.2. The vulnerability (CVE-2022-42486) specifically affects the User group management functionality of the content management system, allowing a remote authenticated attacker with administrative privileges to inject arbitrary scripts (JVN Report, BaserCMS Security).

The vulnerability is classified as a stored XSS (CWE-79) with a CVSS v3.0 Base Score of 4.8 (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N). The attack requires high privileges and user interaction, with the potential to affect cross-origin resources. The vulnerability was discovered alongside two other XSS issues in the same product (CVE-2022-39325 and CVE-2022-41994) (JVN Report).

When exploited, the vulnerability allows an attacker to execute malicious JavaScript code that could alter page displays and potentially lead to cookie information leakage. The impact is limited to users accessing the administrative interface of the system (BaserCMS Security).

The vulnerability has been patched in baserCMS version 4.7.2. Users are strongly advised to update to this version or later to address the security issue. No alternative workarounds are provided in the available documentation (BaserCMS Security).