CVE-2021-20683

Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.

Published: Mar 26, 2021
Updated: May 9, 2024
CVE: CVE-2021-20683
GHSA: GHSA-v9w8-hq92-v39m
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
basercms / basercms	-	4.4.5
baserproject / basercms	-	4.4.5

https://basercms.net/security/JVN64869876
https://github.com/baserproject/basercms
https://github.com/baserproject/basercms/commit/88ccc61e5656b05dd13204d61de706efaa2cd0b1
https://jvn.jp/en/jp/JVN64869876/index.html
https://packagist.org/packages/baserproject/basercms

Vulnerability Database

CVE-2021-20683