CVE-2020-15155

HIGH7.3EPSS 0.87%

Cross Site Scripting(XSS) Vulnerability in Latest Release 4.3.6 Site basic settings

發布日:2020/8/28修改日:2026/3/13

描述

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components is toolbar.php. The issue is fixed in version 4.3.7.

受影響套件(1)

Packagist/baserproject/basercms>= 4.0.0, < 4.3.7

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.3	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-15155
WEBhttps://basercms.net/security/20200827
WEBhttps://github.com/baserproject/basercms/commit/94cbfab74c9fd6d04492597a1a684674c3c0e30f
WEBhttps://github.com/baserproject/basercms/security/advisories/GHSA-4r3m-j6x5-48m3