CVE-2020-15155

2020-08-2822:15:10

Google

osv.dev

0.001 Low

EPSS

Percentile

46.4%

JSON

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components is toolbar.php. The issue is fixed in version 4.3.7.

CPENameOperatorVersion
basercmseqbasercms-4.3.4
basercmseqbasercms-3.0.5.1
basercmseqbasercms-4.0.5.2
basercmseqbasercms-4.0.7
basercmseqbasercms-4.1.2
basercmseqbasercms-3.0.8
basercmseqbasercms-4.2.5
basercmseqbasercms-2.0.3
basercmseqbasercms-4.0.10.1
basercmseqbasercms-4.1.1

Name	Operator	Version
basercms	eq	basercms-4.3.4
basercms	eq	basercms-3.0.5.1
basercms	eq	basercms-4.0.5.2
basercms	eq	basercms-4.0.7
basercms	eq	basercms-4.1.2
basercms	eq	basercms-3.0.8
basercms	eq	basercms-4.2.5
basercms	eq	basercms-2.0.3
basercms	eq	basercms-4.0.10.1
basercms	eq	basercms-4.1.1