CVE-2020-15276

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-15276

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15276.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-15276

Aliases

GHSA-fw5q-j9p4-3vxg

Related

GHSA-fw5q-j9p4-3vxg

Published

2020-10-30T19:15:12.707Z

Modified

2025-11-20T11:17:42.201841Z

Severity

8.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component. It is fixed in version 4.4.1.

References

Affected packages

Git / github.com/baserproject/basercms

Affected ranges

Type: GIT
Repo: https://github.com/baserproject/basercms
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d14f506385f21d67d5ff3462f204d4c2321b7c54

Affected versions

2.*

2.0.0

2.0.0-beta

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.5.1

2.1.0

2.1.1

2.1.2

3.*

3.0.0

3.0.1

3.0.10

3.0.11

3.0.11.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.5.1

3.0.6

3.0.6-beta

3.0.6.1

3.0.7

3.0.8

3.0.9

4.*

4.0.0

4.0.0-beta

4.0.1

4.0.10

4.0.10.1

4.0.11

4.0.2

4.0.2.1

4.0.3

4.0.4

4.0.5

4.0.5.1

4.0.5.2

4.0.6

4.0.7

4.0.8

4.0.9

4.1.0

4.1.0.1

4.1.1

4.1.2

4.1.3

4.1.4

4.1.5

4.1.6

4.1.7

4.1.8

4.2.0

4.2.1

4.2.2

4.2.3

4.2.4

4.2.5

4.3.0

4.3.1

4.3.2

4.3.3

4.3.4

4.3.5

4.3.6

4.3.7

4.3.7.1

4.4.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15276.json"