CVE-2020-15159 HIGH

CVE-2020-15159: Cross Site Scripting leading to RCE in baserCMS

Vendor Baserproject
Product basercms
Weakness CWE-79 · XSS
Published August 28, 2020
Last update August 4, 2024
View on NVD All CVEs

CVSS base score

7.6/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file.The affected components are ThemeFilesController.php and UploaderFilesController.php. This is fixed in version 4.3.7.

Key dates

02Disclosure timeline

August 28, 2020 CVE published
August 4, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-1871 SourceCodester Employee Management System Project Assignment Report assignp.php cross site scripting CVE-2024-4663 OSM Map Widget for Elementor <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter CVE-2025-59983 Junos Space: Template Definition page is vulnerable to reflected cross-site script injection CVE-2021-47699 Nagios XI < 5.8.7 XSS in Audit Log via Send to NLS Form CVE-2022-39279 Discourse-chat plugin susceptible to XSS in channel name and description