Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0
Reviewed: Oct 30, 2020
Published to the GitHub Advisory Database: Oct 30, 2020
Last updated: Jan 9, 2023
Description
baserCMS 4.4.0 and earlier is affected by a Remote Code Execution (RCE) vulnerability.
Impact: XSS via arbitrary script execution.
Attack vector: an administrator must be logged in.
Affected component: Edit template.
Tested baserCMS version: 4.4.0 (latest)
Affected baserCMS versions: 4.0.0 ~ 4.4.0
Patches: https://basercms.net/security/20201029
Found by Aquilao Null