CVE-2020-15155 – baserproject/basercms
Package
Manager: composer
Name: baserproject/basercms
Vulnerable Version: >=4.0.0 <4.3.7
Severity
Level: Low
CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
EPSS: 0.00868 (percentile: 0.74308)
Details
Cross Site Scripting (XSS) Vulnerability in Latest Release 4.3.6 Site basic settings
baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected component is toolbar.php. The issue is fixed in version 4.3.7.
Metadata
Created: 2020-08-28T21:20:42Z
Modified: 2021-01-07T23:39:22Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/08/GHSA-4r3m-j6x5-48m3/GHSA-4r3m-j6x5-48m3.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-4r3m-j6x5-48m3
Finding: F425
Auto approve: 1