CVE-2020-15276 — Cross-site Scripting in Basercms

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

8.7HIGHNVD

EPSS

0.6%

top 30.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Basercms Baserproject Basercms

Timeline

PublishedOct 30

Description

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component. It is fixed in version 4.4.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:NExploitability: 2.3 | Impact: 5.8

Affected Packages3 packages

▶NVDbasercms/basercms4.0.0 — 4.4.1

▶Packagistbaserproject/basercms4.4.0 — 4.4.1

▶CVEListV5baserproject/basercms>= 4.0.0, < 4.4.1

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

Blog comment posting, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0↗2020-10-30

▶

GHSA

Blog comment posting, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0↗2020-10-30

▶