CVE-2020-15154

{"id": "CVE-2020-15154", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 1.0}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 1.0}]}, "published": "2020-08-28T21:15:11.917", "references": [{"url": "https://basercms.net/security/20200827", "tags": ["Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-cpxc-67rc-c775", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components are: content_fields.php, content_info.php, content_options.php, content_related.php, index_list_tree.php, jquery.bcTree.js. The issue is fixed in version 4.3.7."}, {"lang": "es", "value": "baserCMS versiones 4.3.6 y anteriores, esta afectado por una vulnerabilidad de tipo Cross Site Scripting (XSS) por medio de la ejecuci\u00f3n de un script arbitrario. Se requiere acceso de administrador para explotar esta vulnerabilidad. Los componentes afectados son: los archivos content_fields.php, content_info.php, content_options.php, content_related.php, index_list_tree.php, jquery.bcTree.js. El problema es corregido en la versi\u00f3n 4.3.7"}], "lastModified": "2020-09-03T18:08:22.913", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D8C0605-796C-4AA8-ACD8-1444D95A121B", "versionEndIncluding": "4.3.6"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}