GHSA-4r3m-j6x5-48m3

Source

https://github.com/advisories/GHSA-4r3m-j6x5-48m3

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/08/GHSA-4r3m-j6x5-48m3/GHSA-4r3m-j6x5-48m3.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-4r3m-j6x5-48m3

Aliases

CVE-2020-15155

Published

2020-08-28T21:20:42Z

Modified

2023-11-08T04:02:31.556458Z

Severity

7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N CVSS Calculator

Summary

Cross Site Scripting(XSS) Vulnerability in Latest Release 4.3.6 Site basic settings

Details

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components is toolbar.php. The issue is fixed in version 4.3.7.

Database specific

{
    "nvd_published_at": null,
    "github_reviewed_at": "2020-08-28T21:20:29Z",
    "severity": "LOW",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

Packagist / baserproject/basercms

Package

Name: baserproject/basercms
Purl: pkg:composer/baserproject/basercms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.3.7

Database specific

{
    "last_known_affected_version_range": "<= 4.3.6"
}