Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyM20tajZ4NS00OG0z
Cross Site Scripting(XSS) Vulnerability in Latest Release 4.3.6 Site basic settings
baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components is toolbar.php. The issue is fixed in version 4.3.7.
Permalink: https://github.com/advisories/GHSA-4r3m-j6x5-48m3JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyM20tajZ4NS00OG0z
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: over 3 years ago
Updated: over 1 year ago
CVSS Score: 7.3
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
Identifiers: GHSA-4r3m-j6x5-48m3, CVE-2020-15155
References:
- https://github.com/baserproject/basercms/security/advisories/GHSA-4r3m-j6x5-48m3
- https://github.com/baserproject/basercms/commit/94cbfab74c9fd6d04492597a1a684674c3c0e30f
- https://basercms.net/security/20200827
- https://nvd.nist.gov/vuln/detail/CVE-2020-15155
- https://github.com/advisories/GHSA-4r3m-j6x5-48m3
Blast Radius: 4.4
Affected Packages
packagist:baserproject/basercms
Dependent packages: 0Dependent repositories: 4
Downloads: 38 total
Affected Version Ranges: >= 4.0.0, <= 4.3.6
Fixed in: 4.3.7
All affected versions: 4.0.0, 4.1.0, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5
All unaffected versions: 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 0.0.7, 0.0.8, 1.0.0, 2.0.0, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.0.15, 3.0.16, 3.0.17, 3.0.18, 3.0.19, 3.0.20, 3.0.21, 3.0.22, 3.0.23, 3.0.24, 3.0.25, 3.0.26, 4.4.8, 4.5.4, 4.8.1, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14