What is CVE-2020-15155?

CVE-2020-15155 is a high-severity vulnerability in Baserproject Basercms, classified under Cross-site Scripting. CVSS score: 7.3/10. Published 2020-08-28.

How severe is CVE-2020-15155?

High severity. CVSS v3 base score is 7.3 out of 10.

XSS in Baserproject Basercms

CVE-2020-15155

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components is toolbar.php. The issue is fixed in version 4.3.7.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.009 (75.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.3 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N.

Affected products

Baserproject Basercms — versions unspecified

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

basercms.net/security/20200827 (x_refsource_MISC)
github.com/baserproject/basercms/security/advisories/GHSA-4r3m-j6x5-48m3 (x_refsource_CONFIRM)
github.com/baserproject/basercms/commit/94cbfab74c9fd6d04492597a1a684674c3c0e30f (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-15155?: CVE-2020-15155 is a high-severity vulnerability in Baserproject Basercms, classified under Cross-site Scripting. CVSS score: 7.3/10. Published 2020-08-28.
How severe is CVE-2020-15155?: High severity. CVSS v3 base score is 7.3 out of 10.