CyberSec.Space Logo
Back to CVE Browser

CVE-2020-15276

HIGH
7.7
CVSS Severity Score
EPSS Score0.1370%
EPSS Percentile23.73th
PublishedOct 30, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component. It is fixed in version 4.4.1.

Affected Platforms (CPE)

πŸ“¦
Basercms

Basercms

>= 4.0.0 and < 4.4.1

References & Advisories

πŸ”— https://basercms.net/security/20201029
πŸ”— https://github.com/baserproject/basercms/commit/d14f506385f21d67d5ff3462f204d4c2321b7c54
πŸ”— https://github.com/baserproject/basercms/security/advisories/GHSA-fw5q-j9p4-3vxg
πŸ”— https://basercms.net/security/20201029
πŸ”— https://github.com/baserproject/basercms/commit/d14f506385f21d67d5ff3462f204d4c2321b7c54
πŸ”— https://github.com/baserproject/basercms/security/advisories/GHSA-fw5q-j9p4-3vxg

Related Vulnerabilities

CVE-2017-108429.8

SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL...

CVE-2021-412439.1

There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users wit...

CVE-2016-11728.8

Cross-site request forgery (CSRF) vulnerability in the Recruit plugin before 0.9.3 for baserCMS allows remote attackers to hijack ...

CVE-2016-11708.8

Cross-site request forgery (CSRF) vulnerability in the Casebook plugin before 0.9.4 for baserCMS allows remote attackers to hijack...