CVE-2020-15154

Опубликовано: 28 авг. 2020

Источник: nvd

CVSS3: 7.3

CVSS2: 2.1

EPSS Низкий

Описание

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components are: content_fields.php, content_info.php, content_options.php, content_related.php, index_list_tree.php, jquery.bcTree.js. The issue is fixed in version 4.3.7.

Ссылки

https://basercms.net/security/20200827
Patch
Vendor Advisory
https://github.com/baserproject/basercms/security/advisories/GHSA-cpxc-67rc-c775
Patch
Third Party Advisory
https://basercms.net/security/20200827
Patch
Vendor Advisory
https://github.com/baserproject/basercms/security/advisories/GHSA-cpxc-67rc-c775
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*

Версия до 4.3.6 (включая)

EPSS

Процентиль: 73%

0.00784

Низкий

7.3 High

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-cpxc-67rc-c775