CVE-2021-20683

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-20683

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20683.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-20683

Aliases

GHSA-v9w8-hq92-v39m

Published

2021-03-26T09:15:12.167Z

Modified

2025-11-20T11:29:35.141732Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.

References

Affected packages

Git / github.com/baserproject/basercms

Affected ranges

Type: GIT
Repo: https://github.com/baserproject/basercms
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ac7824e7c617f54f12686cef01a2e30e5b07dd83

Affected versions

2.*

2.0.0

2.0.0-beta

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.5.1

2.1.0

2.1.1

2.1.2

3.*

3.0.0

3.0.1

3.0.10

3.0.11

3.0.11.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.5.1

3.0.6

3.0.6-beta

3.0.6.1

3.0.7

3.0.8

3.0.9

4.*

4.0.0

4.0.0-beta

4.0.1

4.0.10

4.0.10.1

4.0.11

4.0.2

4.0.2.1

4.0.3

4.0.4

4.0.5

4.0.5.1

4.0.5.2

4.0.6

4.0.7

4.0.8

4.0.9

4.1.0

4.1.0.1

4.1.1

4.1.2

4.1.3

4.1.4

4.1.5

4.1.6

4.1.7

4.1.8

4.2.0

4.2.1

4.2.2

4.2.3

4.2.4

4.2.5

4.3.0

4.3.1

4.3.2

4.3.3

4.3.4

4.3.5

4.3.6

4.3.7

4.3.7.1

4.4.0

4.4.1

4.4.1.1

4.4.2

4.4.2.1

4.4.3

4.4.4

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20683.json"