{"containers": {"cna": {"affected": [{"product": "basercms", "vendor": "baserproject", "versions": [{"lessThan": "< 4.3.7", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components are: content_fields.php, content_info.php, content_options.php, content_related.php, index_list_tree.php, jquery.bcTree.js. The issue is fixed in version 4.3.7."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "{\"CWE-79\":\"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\"}", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-08-28T21:10:14", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-cpxc-67rc-c775"}, {"tags": ["x_refsource_MISC"], "url": "https://basercms.net/security/20200827"}], "source": {"advisory": "GHSA-cpxc-67rc-c775", "discovery": "UNKNOWN"}, "title": "Cross Site Scripting in baserCMS", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-15154", "STATE": "PUBLIC", "TITLE": "Cross Site Scripting in baserCMS"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "basercms", "version": {"version_data": [{"version_affected": "<", "version_value": "< 4.3.7"}]}}]}, "vendor_name": "baserproject"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components are: content_fields.php, content_info.php, content_options.php, content_related.php, index_list_tree.php, jquery.bcTree.js. The issue is fixed in version 4.3.7."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "{\"CWE-79\":\"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\"}"}]}]}, "references": {"reference_data": [{"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-cpxc-67rc-c775", "refsource": "CONFIRM", "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-cpxc-67rc-c775"}, {"name": "https://basercms.net/security/20200827", "refsource": "MISC", "url": "https://basercms.net/security/20200827"}]}, "source": {"advisory": "GHSA-cpxc-67rc-c775", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:08:22.291Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-cpxc-67rc-c775"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://basercms.net/security/20200827"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-15154", "datePublished": "2020-08-28T21:10:14", "dateReserved": "2020-06-25T00:00:00", "dateUpdated": "2024-08-04T13:08:22.291Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D8C0605-796C-4AA8-ACD8-1444D95A121B", "versionEndIncluding": "4.3.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components are: content_fields.php, content_info.php, content_options.php, content_related.php, index_list_tree.php, jquery.bcTree.js. The issue is fixed in version 4.3.7."}, {"lang": "es", "value": "baserCMS versiones 4.3.6 y anteriores, esta afectado por una vulnerabilidad de tipo Cross Site Scripting (XSS) por medio de la ejecuci\u00f3n de un script arbitrario. Se requiere acceso de administrador para explotar esta vulnerabilidad. Los componentes afectados son: los archivos content_fields.php, content_info.php, content_options.php, content_related.php, index_list_tree.php, jquery.bcTree.js. El problema es corregido en la versi\u00f3n 4.3.7"}], "id": "CVE-2020-15154", "lastModified": "2024-11-21T05:04:57.557", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.8, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.8, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-08-28T21:15:11.917", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://basercms.net/security/20200827"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-cpxc-67rc-c775"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://basercms.net/security/20200827"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-cpxc-67rc-c775"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}