CVE-2020-15276
Published 2020-10-30
Priority P337 · high · 8.7 · CVSS 3.1
AV:N / AC:L / PR:L / UI:R / S:C / C:H / I:H / A:N
EPSS: 0.99% (58.1th percentile)
baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component. It is fixed in version 4.4.1.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| basercms | basercms | >= 4.0.0 < 4.4.1 | 4.4.1 |
| baserproject | basercms | — | — |
| baserproject | basercms | >= 4.4.0 < 4.4.1 | 4.4.1 |
CVSS provenance
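| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.7 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |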
OSV
Blog comment posting, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0
osv·2020-10-30
CVE-2020-15276 [LOW] Blog comment posting, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0
baserCMS 4.4.0 and earlier is affected by Cross Site Scripting (XSS).
Impact: XSS via Arbitrary script execution.
Components are: Blog comment posting
Tested baserCMS Version : 4.4.0 (Latest)
Affected baserCMS Version : 4.0.0 ~ 4.4.0
Patches : https://basercms.net/security/20201029
Found by yama
GHSA
Blog comment posting, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0
ghsa·2020-10-30
CVE-2020-15276 [LOW] CWE-79 Blog comment posting, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0
baserCMS 4.4.0 and earlier is affected by Cross Site Scripting (XSS).
Impact: XSS via Arbitrary script execution.
Components are: Blog comment posting
Tested baserCMS Version : 4.4.0 (Latest)
Affected baserCMS Version : 4.0.0 ~ 4.4.0
Patches : https://basercms.net/security/20201029
Found by yama
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://basercms.net/security/20201029
https://github.com/baserproject/basercms/commit/d14f506385f21d67d5ff3462f204d4c2321b7c54
https://github.com/baserproject/basercms/security/advisories/GHSA-fw5q-j9p4-3vxg
Published: 2020-10-30