baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components is toolbar.php. The issue is fixed in version 4.3.7.

Affected Packages

Packagist baserproject/basercms

Affected versions: 4.0.0 (fixed in 4.3.7)

Related CVEs

CVE-2020-15155

Key Information

GHSA ID

GHSA-4r3m-j6x5-48m3

Published

August 28, 2020 9:20 PM

Last Modified

January 7, 2021 11:39 PM

CVSS Score

2.5 /10

Primary Ecosystem

Packagist

Primary Package

baserproject/basercms

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 12, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.