CVE-2023-44379: 
PHP vulnerability analysis and mitigation

CVE-2023-44379 is a cross-site scripting (XSS) vulnerability discovered in baserCMS, a website development framework. The vulnerability affects versions prior to 5.0.9 and specifically impacts the site search feature. The issue was disclosed on February 22, 2024, and has been assigned a CVSS v3.1 base score of 6.1 (Medium) (GitHub Advisory).

The vulnerability exists in the site search feature of baserCMS where user input is not properly sanitized. The issue is specifically related to the improper handling of the 'escape' parameter in the site search form templates. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating that the vulnerability is network-accessible, requires low attack complexity, needs no privileges, but does require user interaction (NVD).

If exploited, this vulnerability could allow attackers to execute arbitrary scripts in the context of other users' browsers when they interact with the site search feature. This primarily affects instances where the management screen is accessible to multiple users (Vendor Advisory).

The primary mitigation is to update to baserCMS version 5.0.9 or later. For custom themes, users need to modify the sitesearchform.php or search.php files by removing the 'escape => false' parameter from the BcForm->control and BcBaser->formControl functions (Vendor Advisory).