CVE-2020-15273

Опубликовано: 30 окт. 2020

Источник: nvd

CVSS3: 7.3

CVSS3: 8.1

CVSS2: 3.5

EPSS Низкий

Описание

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. The issue affects the following components: Edit feed settings, Edit widget area, Sub site new registration, New category registration. Arbitrary JavaScript may be executed by entering specific characters in the account that can access the file upload function category list, subsite setting list, widget area edit, and feed list on the management screen. The issue was introduced in version 4.0.0. It is fixed in version 4.4.1.

Ссылки

https://github.com/baserproject/basercms/commit/b70474ef9dcee6ad8826360884625dc7ca9041a1
Patch
Third Party Advisory
https://github.com/baserproject/basercms/security/advisories/GHSA-wpww-4jf4-4hx8
Patch
Third Party Advisory
https://packagist.org/packages/baserproject/basercms
Third Party Advisory
https://github.com/baserproject/basercms/commit/b70474ef9dcee6ad8826360884625dc7ca9041a1
Patch
Third Party Advisory
https://github.com/baserproject/basercms/security/advisories/GHSA-wpww-4jf4-4hx8
Patch
Third Party Advisory
https://packagist.org/packages/baserproject/basercms
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*

Версия от 4.0.0 (включая) до 4.4.1 (исключая)

EPSS

Процентиль: 61%

0.00414

Низкий

7.3 High

CVSS3

8.1 High

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-wpww-4jf4-4hx8

CVSS3: 7.3

github

больше 5 лет назад

Edit feed settings and others, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0

EPSS

Процентиль: 61%

0.00414

Низкий

7.3 High

CVSS3

8.1 High

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79