CVE-2020-15155

Description

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components is toolbar.php. The issue is fixed in version 4.3.7.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Affected products

baserproject / basercmsunspecified – < 4.3.7

References

MISChttps://basercms.net/security/20200827
VENDOR_ADVISORYhttps://github.com/baserproject/basercms/security/advisories/GHSA-4r3m-j6x5-48m3
PATCHhttps://github.com/baserproject/basercms/commit/94cbfab74c9fd6d04492597a1a684674c3c0e30f