CVE-2020-15155

HIGH7.3EPSS 0.87%

Cross Site Scripting(XSS) Vulnerability in Latest Release 4.3.6 Site basic settings

Published: 8/28/2020Modified: 3/13/2026

Description

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components is toolbar.php. The issue is fixed in version 4.3.7.

Affected packages (1)

Packagist/baserproject/basercms>= 4.0.0, < 4.3.7

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.3	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-15155
WEBhttps://basercms.net/security/20200827
WEBhttps://github.com/baserproject/basercms/commit/94cbfab74c9fd6d04492597a1a684674c3c0e30f
WEBhttps://github.com/baserproject/basercms/security/advisories/GHSA-4r3m-j6x5-48m3