Skip to main content
CVE-2020-15159 HIGH PATCH This Week

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS RCE PHP Basercms
NVD GitHub
CVSS 3.1
7.6
EPSS
2.2%
CVE-2020-9298 HIGH PATCH This Week

The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Information Disclosure Orca
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-4559 HIGH PATCH This Week

IBM Spectrum Protect 7.1 and 8.1 could allow an attacker to cause a denial of service due ti improper validation of user-supplied input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Spectrum Protect
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-15155 HIGH PATCH This Week

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Basercms
NVD GitHub
CVSS 3.1
7.3
EPSS
1.3%
CVE-2020-15154 HIGH PATCH This Week

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Basercms
NVD GitHub
CVSS 3.1
7.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy