cvelist | GitHub_M | CVELIST:CVE-2020-15154
History: Aug 28, 2020 - 9:10 p.m.

CVE-2020-15154 Cross Site Scripting in baserCMS

2020-08-28 21:10:14
CWE-79
GitHub_M
www.cve.org

Tags: cve-2020-15154, cross site scripting, basercms, admin access, content_fields.php, content_info.php, content_options.php, content_related.php, index_list_tree.php, jquery.bctree.js, version 4.3.7 fix

CVSS3: 7.3

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

EPSS: 0.001
Percentile: 28.8%

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components are: content_fields.php, content_info.php, content_options.php, content_related.php, index_list_tree.php, jquery.bcTree.js. The issue is fixed in version 4.3.7.

CNA Affected

[
  {
    "product": "basercms",
    "vendor": "baserproject",
    "versions": [
      {
        "lessThan": "< 4.3.7",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
