CVE-2021-20681

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-20681

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-20681.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-20681

Aliases

GHSA-24p5-x9f9-vvpx

Published

2021-03-26T09:15:12.043Z

Modified

2026-04-12T01:00:53.196926Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.

References

Affected packages

Git / github.com/baserproject/basercms

Affected ranges

Type

GIT

Repo

https://github.com/baserproject/basercms

Events

Introduced

Fixed

ac7824e7c617f54f12686cef01a2e30e5b07dd83

Database specific

{
    "cpe": "cpe:2.3:a:basercms:basercms:*:*:*:*:*:*:*:*",
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.4.5"
        }
    ]
}

Affected versions

2.*

2.0.0

2.0.0-beta

2.0.1

2.0.2

2.0.3

2.1.0

2.1.2

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.5.1

3.0.6

3.0.6-beta

3.0.7

4.*

4.0.0

4.0.0-beta

4.0.6

4.0.7

4.1.0

4.1.0.1

4.1.1

4.1.2

4.2.2

4.2.4

4.3.0

4.3.3

4.3.5

4.3.6

4.3.7

4.3.7.1

4.4.0

4.4.1.1

4.4.2.1

4.4.3

4.4.4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-20681.json"