Identifier

CVE-2020-15154

Package Slug

packagist/baserproject/basercms

Vulnerability

Cross-site Scripting

Description

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components are content_fields.php, content_info.php, content_options.php, content_related.php, index_list_tree.php, jquery.bcTree.js.

Affected Versions

All versions up to 4.3.6

Solution

Upgrade to version 4.3.7 or above.

Last Modified

2020-09-04

source