CVE-2016-4877

MEDIUM

Basercms - XSS

Title source: rule

Description

Cross-site scripting vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

References (3)

Scores

CVSS v3 5.4
EPSS 0.0024
EPSS Percentile 46.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (3)
basercms/basercms
basercms/mail
baserCMS Users Community/baserCMS plugin Mail < version 3.0.10 and earlier
Published May 12, 2017
Tracked Since Feb 18, 2026