CVE-2020-15155
Cross Site Scripting (XSS) Vulnerability in Latest Release 4.3.6 Site basic settings
7.3
HIGH
CVSS 3.1
EPSS 0.87%
Description
baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected component is toolbar.php. The issue is fixed in version 4.3.7.
How to fix CVE-2020-15155
To remediate CVE-2020-15155, upgrade the affected package to a fixed version below.
- Upgrade to 4.3.7 or later
Is CVE-2020-15155 being exploited?
Low — EPSS is 0.9%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 4.0.0, < 4.3.7
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.3 | CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N |