CVE-2021-20683
Cross-site Scripting (XSS) in baserCMS
CVSS 3.1: 5.4 (MEDIUM)
EPSS: 0.20%
Description
Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.
How to fix CVE-2021-20683
To remediate CVE-2021-20683, upgrade the affected package to a fixed version below.
- Packagist/baserproject/basercms: upgrade to 4.4.5 or later
Is CVE-2021-20683 being exploited?
Low. EPSS is 0.2%, a low estimated probability of exploitation; exploitation activity has not been observed at scale.
Affected packages (1)
- Packagist/baserproject/basercms: from 0, < 4.4.5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |