CVE-2021-20683

Description

Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.

Related CPE's

abasercmsbasercms********
vulnerable

References

https://basercms.net/security/JVN64869876

PatchVendor Advisory

https://jvn.jp/en/jp/JVN64869876/index.html

Third Party Advisory

CvssV3 impact

BaseSeverity

MEDIUM

ConfidentialityImpact

LOW

AttackComplexity

LOW

Scope

CHANGED

AttackVector

NETWORK

AvailabilityImpact

NONE

IntegrityImpact

LOW

PrivilegesRequired

LOW

BaseScore

5.4

VectorString

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Version

3.1

UserInteraction

REQUIRED

CvssV2 impact

AccessComplexity

MEDIUM

ConfidentialityImpact

NONE

AvailabilityImpact

NONE

IntegrityImpact

PARTIAL

BaseScore

3.5

VectorString

AV:N/AC:M/Au:S/C:N/I:P/A:N

Version

2.0

AccessVector

NETWORK

Authentication

SINGLE