CVE-2020-15154

Cross Site Scripting in baserCMS

CVSS 7.3 HIGHEPSS 1.0%CWE-79

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 7.3EPSS 1.0%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

28 ago 2020Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components are: content_fields.php, content_info.php, content_options.php, content_related.php, index_list_tree.php, jquery.bcTree.js. The issue is fixed in version 4.3.7.

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

Productos afectados

baserproject · basercms

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://basercms.net/security/20200827 https://github.com/baserproject/basercms/security/advisories/GHSA-cpxc-67rc-c775