CVE-2020-15276 HIGH

CVE-2020-15276: Cross Site Scripting in baserCMS

Vendor Baserproject

Product basercms

Weakness CWE-79 · XSS

Published October 30, 2020

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

7.7/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component. It is fixed in version 4.4.1.

Key dates

02Disclosure timeline

October 30, 2020 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-15276 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2026-3403 PHPGurukul Student Record Management System edit-subject.php cross site scripting CVE-2023-49767 WordPress Biteship Plugin <= 2.2.24 is vulnerable to Cross Site Scripting (XSS) CVE-2025-46851 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2022-1408 VikBooking Hotel Booking Engine & PMS < 1.5.8 - Admin+ Stored Cross-Site Scripting CVE-2025-64822 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)