CVE-2020-15155 - OpenCVE

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components is toolbar.php. The issue is fixed in version 4.3.7.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:H/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Basercms	Basercms

Configuration 1 [-]

cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://basercms.net/security/20200827
https://github.com/baserproject/basercms/commit/94cbfab74c9fd6d04492597a1a684674c3c0e30f
https://github.com/baserproject/basercms/security/advisories/GHSA-4r3m-j6x5-48m3

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2020-08-28T21:40:15

Updated: 2024-08-04T13:08:21.880Z

Reserved: 2020-06-25T00:00:00

Link: CVE-2020-15155

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-08-28T22:15:10.563

Modified: 2020-09-03T14:22:12.027

Link: CVE-2020-15155

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "basercms", "vendor": "baserproject", "versions": [{"lessThan": "< 4.3.7", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components is toolbar.php. The issue is fixed in version 4.3.7."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "{\"CWE-79\":\"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\"}", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-08-28T21:40:15", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://basercms.net/security/20200827"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-4r3m-j6x5-48m3"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/baserproject/basercms/commit/94cbfab74c9fd6d04492597a1a684674c3c0e30f"}], "source": {"advisory": "GHSA-4r3m-j6x5-48m3", "discovery": "UNKNOWN"}, "title": "Cross-Site Scripting in baserCMS", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-15155", "STATE": "PUBLIC", "TITLE": "Cross-Site Scripting in baserCMS"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "basercms", "version": {"version_data": [{"version_affected": "<", "version_value": "< 4.3.7"}]}}]}, "vendor_name": "baserproject"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components is toolbar.php. The issue is fixed in version 4.3.7."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "{\"CWE-79\":\"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\"}"}]}]}, "references": {"reference_data": [{"name": "https://basercms.net/security/20200827", "refsource": "MISC", "url": "https://basercms.net/security/20200827"}, {"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-4r3m-j6x5-48m3", "refsource": "CONFIRM", "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-4r3m-j6x5-48m3"}, {"name": "https://github.com/baserproject/basercms/commit/94cbfab74c9fd6d04492597a1a684674c3c0e30f", "refsource": "MISC", "url": "https://github.com/baserproject/basercms/commit/94cbfab74c9fd6d04492597a1a684674c3c0e30f"}]}, "source": {"advisory": "GHSA-4r3m-j6x5-48m3", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:08:21.880Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://basercms.net/security/20200827"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-4r3m-j6x5-48m3"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/baserproject/basercms/commit/94cbfab74c9fd6d04492597a1a684674c3c0e30f"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-15155", "datePublished": "2020-08-28T21:40:15", "dateReserved": "2020-06-25T00:00:00", "dateUpdated": "2024-08-04T13:08:21.880Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D8C0605-796C-4AA8-ACD8-1444D95A121B", "versionEndIncluding": "4.3.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components is toolbar.php. The issue is fixed in version 4.3.7."}, {"lang": "es", "value": "baserCMS versiones 4.3.6 y anteriores, esta afectado por una vulnerabilidad de tipo Cross Site Scripting (XSS) por medio de la ejecuci\u00f3n de un script arbitrario. Se requiere acceso de administrador para explotar esta vulnerabilidad. El componente afectado es el archivo toolbar.php. El problema es corregido en la versi\u00f3n 4.3.7"}], "id": "CVE-2020-15155", "lastModified": "2020-09-03T14:22:12.027", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.8, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.8, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2020-08-28T22:15:10.563", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://basercms.net/security/20200827"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/baserproject/basercms/commit/94cbfab74c9fd6d04492597a1a684674c3c0e30f"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-4r3m-j6x5-48m3"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Primary"}]}