Description
baserCMS 4.3.6 and earlier is affected by a cross-site scripting (XSS) vulnerability that allows arbitrary script execution. Admin access is required to exploit this vulnerability. The affected component is toolbar.php. The issue is fixed in version 4.3.7.
References (3)
Core References
Vendor Advisory x_refsource_misc
https://basercms.net/security/20200827
Patch, Third Party Advisory x_refsource_confirm
https://github.com/baserproject/basercms/security/advisories/GHSA-4r3m-j6x5-48m3
Patch, Third Party Advisory x_refsource_misc
https://github.com/baserproject/basercms/commit/94cbfab74c9fd6d04492597a1a684674c3c0e30f
Scores
CVSS v3
7.3
EPSS
0.0087
EPSS Percentile
75.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
Details
CWE
CWE-79
Status
published
Products (2)
basercms/basercms
< 4.3.6
baserproject/basercms
4.0.0 - 4.3.7 (Packagist)
Published
Aug 28, 2020
Tracked Since
Feb 18, 2026