CVE-2020-15154

Cross Site Scripting in baserCMS

CVSS 7.3 HIGHEPSS 1.0%CWE-79

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 7.3EPSS 1.0%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

28 ago 2020Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components are: content_fields.php, content_info.php, content_options.php, content_related.php, index_list_tree.php, jquery.bcTree.js. The issue is fixed in version 4.3.7.

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

Produtos afetados

baserproject · basercms

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://basercms.net/security/20200827 https://github.com/baserproject/basercms/security/advisories/GHSA-cpxc-67rc-c775