CVE-2021-20683

2021-03-2609:15:12

Google

osv.dev

6.5 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

29.4%

JSON

Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.

CPENameOperatorVersion
basercmseqbasercms-3.0.6-beta
basercmseqbasercms-3.0.11
basercmseqbasercms-2.0.2
basercmseqbasercms-4.1.2
basercmseqbasercms-3.0.1
basercmseqbasercms-4.0.2
basercmseqbasercms-4.0.8
basercmseqbasercms-4.3.1
basercmseqbasercms-4.3.5
basercmseqbasercms-2.0.3

Name	Operator	Version
basercms	eq	basercms-3.0.6-beta
basercms	eq	basercms-3.0.11
basercms	eq	basercms-2.0.2
basercms	eq	basercms-4.1.2
basercms	eq	basercms-3.0.1
basercms	eq	basercms-4.0.2
basercms	eq	basercms-4.0.8
basercms	eq	basercms-4.3.1
basercms	eq	basercms-4.3.5
basercms	eq	basercms-2.0.3