CVE-2021-20681

Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.

Published: Mar 26, 2021
Updated: May 9, 2024
CVE: CVE-2021-20681
GHSA: GHSA-24p5-x9f9-vvpx
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
basercms / basercms	-	4.4.5
baserproject / basercms	-	4.4.5

https://basercms.net/security/JVN64869876
https://github.com/baserproject/basercms
https://jvn.jp/en/jp/JVN64869876/index.html
https://packagist.org/packages/baserproject/basercms

Vulnerability Database

290,206

CVE-2021-20681