CVE-2020-15155

Sažetak

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components is toolbar.php. The issue is fixed in version 4.3.7.

Reference

https://basercms.net/security/20200827
https://github.com/baserproject/basercms/commit/94cbfab74c9fd6d04492597a1a684674c3c0e30f
https://github.com/baserproject/basercms/security/advisories/GHSA-4r3m-j6x5-48m3

CVSS

Base:	2.1
Impact:	2.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:H/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

03-09-2020 - 14:22

Objavljeno

28-08-2020 - 22:15