CVE-2021-20683Cross-site Scripting in Basercms

CWE-79Cross-site Scripting3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.2%
top 57.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
BasercmsBaserproject BasercmsBasercms Users Community Basercms
Timeline
PublishedMar 26
Latest updateJun 8

Description

Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

NVDbasercms/basercms< 4.4.5
Packagistbaserproject/basercms< 4.4.5
CVEListV5basercms_users_community/basercmsversions prior to 4.4.5

Patches

Patch: basercms.netPatch: basercms.net

🔴Vulnerability Details

2
GHSA
Cross-site Scripting (XSS) in baserCMS2021-06-08
OSV
Cross-site Scripting (XSS) in baserCMS2021-06-08