CVE-2021-20681 — Cross-site Scripting in Basercms

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 57.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Basercms Baserproject Basercms Basercms Users Community Basercms

Timeline

PublishedMar 26

Latest updateJun 8

Description

Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶NVDbasercms/basercms< 4.4.5

▶Packagistbaserproject/basercms< 4.4.5

▶CVEListV5basercms_users_community/basercmsversions prior to 4.4.5

Patches

Patch: basercms.net ↗Patch: basercms.net ↗

🔴Vulnerability Details

GHSA

Cross-site Scripting (XSS) in baserCMS↗2021-06-08

▶

OSV

Cross-site Scripting (XSS) in baserCMS↗2021-06-08

▶