CyberSec.Space Logo
返回 CVE 浏览器

CVE-2020-15276

HIGH
7.7
CVSS Severity Score
EPSS Score0.1370%
EPSS Percentile23.73th
Published2020年10月30日
Last Modified2024年11月21日

Vulnerability Description

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component. It is fixed in version 4.4.1.

Affected Platforms (CPE)

📦
Basercms

Basercms

>= 4.0.0 and < 4.4.1

References & Advisories

🔗 https://basercms.net/security/20201029
🔗 https://github.com/baserproject/basercms/commit/d14f506385f21d67d5ff3462f204d4c2321b7c54
🔗 https://github.com/baserproject/basercms/security/advisories/GHSA-fw5q-j9p4-3vxg
🔗 https://basercms.net/security/20201029
🔗 https://github.com/baserproject/basercms/commit/d14f506385f21d67d5ff3462f204d4c2321b7c54
🔗 https://github.com/baserproject/basercms/security/advisories/GHSA-fw5q-j9p4-3vxg

相关漏洞威胁

CVE-2017-108429.8

SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL...

CVE-2021-412439.1

There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users wit...

CVE-2016-11728.8

Cross-site request forgery (CSRF) vulnerability in the Recruit plugin before 0.9.3 for baserCMS allows remote attackers to hijack ...

CVE-2016-11708.8

Cross-site request forgery (CSRF) vulnerability in the Casebook plugin before 0.9.4 for baserCMS allows remote attackers to hijack...