CVE-2020-15155

Published: Aug 28, 2020Modified: Nov 21, 2024

7.3

Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

Exploitability: 1.0 / Impact: 5.8

Source: NVD

Description

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components is toolbar.php. The issue is fixed in version 4.3.7.

Affected (1)

Products: Basercms: Basercms

Basercms

1 product

Basercms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Basercms Basercms	Up to 4.3.6

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

https://basercms.net/security/20200827

Source: security-advisories@github.com

Vendor Advisory

https://github.com/baserproject/basercms/commit/94cbfab74c9fd6d04492597a1a684674c3c0e30f

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/baserproject/basercms/security/advisories/GHSA-4r3m-j6x5-48m3

Source: security-advisories@github.com

PatchThird Party Advisory

https://basercms.net/security/20200827

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://github.com/baserproject/basercms/commit/94cbfab74c9fd6d04492597a1a684674c3c0e30f

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/baserproject/basercms/security/advisories/GHSA-4r3m-j6x5-48m3

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.