CVE-2020-15154 — Cross-site Scripting in Basercms

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

7.3HIGHNVD

EPSS

0.8%

top 26.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Baserproject Basercms Basercms

Timeline

PublishedAug 28

Description

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components are: content_fields.php, content_info.php, content_options.php, content_related.php, index_list_tree.php, jquery.bcTree.js. The issue is fixed in version 4.3.7.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:NExploitability: 1.0 | Impact: 5.8

Affected Packages3 packages

▶CVEListV5baserproject/basercmsunspecified — < 4.3.7

▶Packagistbaserproject/basercms4.0.0 — 4.3.7

▶NVDbasercms/basercms4.3.6

Patches

Patch: basercms.net ↗Patch: github.com ↗Patch: basercms.net ↗

🔴Vulnerability Details

GHSA

Cross Site Scripting in baserCMS↗2020-08-28

▶

OSV

Cross Site Scripting in baserCMS↗2020-08-28

▶