CVE-2016-4877

2017-05-1218:29:00

Google

osv.dev

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.5%

JSON

Cross-site scripting vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

CPENameOperatorVersion
basercmseqbasercms-3.0.6.1
basercmseqbasercms-2.0.0
basercmseqbasercms-3.0.10
basercmseqbasercms-2.0.0-beta
basercmseqbasercms-3.0.9
basercmseqbasercms-3.0.4
basercmseqbasercms-3.0.6-beta
basercmseqbasercms-3.0.5
basercmseqbasercms-2.0.1
basercmseqbasercms-2.0.3

Name	Operator	Version
basercms	eq	basercms-3.0.6.1
basercms	eq	basercms-2.0.0
basercms	eq	basercms-3.0.10
basercms	eq	basercms-2.0.0-beta
basercms	eq	basercms-3.0.9
basercms	eq	basercms-3.0.4
basercms	eq	basercms-3.0.6-beta
basercms	eq	basercms-3.0.5
basercms	eq	basercms-2.0.1
basercms	eq	basercms-2.0.3