CVE-2020-15159: Cross-site Scripting in baserCMS

Severity
7.6 HIGH (NVD)
EPSS
1.6%
top 18.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Aug 28

Description

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The affected components are ThemeFilesController.php and UploaderFilesController.php. This is fixed in version 4.3.7.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
Exploitability: 1.0 | Impact: 6.0

Affected Packages: 3 packages

CVEListV5 | baserproject/basercms | unspecified | < 4.3.7
Packagist | baserproject/basercms | 4.0.0 | 4.3.7

Patches

Vulnerability Details (2)

GHSA: Cross Site Scripting and RCE in baserCMS (2020-08-28)
OSV: Cross Site Scripting and RCE in baserCMS (2020-08-28)