CVE-2020-15273: Edit feed settings and others, Cross-Site Scripting (XSS) Vulnerability in Latest Release 4.4.0
Severity score: 7.3
Basic Information
Technical Details
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| baserproject/basercms | composer | >= 4.4.0, < 4.4.1 | 4.4.1 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The provided information focuses on access-control changes (adding 'BcApp.allowedThemeEdit' checks) rather than on the code patterns that actually cause XSS, such as unescaped output or missing input sanitization. The commit diff shows UI elements being rendered conditionally on configuration settings, but it does not show the code that handles user-supplied input in components like the feed settings or widget areas. Without the pre-patch code demonstrating insufficient output encoding in these admin components, we cannot confidently identify the specific vulnerable functions. The advisory describes the attack surface (admin-accessible components), but the technical details needed to pinpoint the exact vulnerable functions are missing from the provided materials.
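The distinction the analysis draws, between an output-encoding fix and an access-control gate, is easier to see side by side. The following is an added illustration written for this page, not baserCMS code and not the patch itself: the `$feedSettings` sample, the `renderVulnerable`, `renderEscaped` and `renderSettingsPage` functions, and the way the `BcApp.allowedThemeEdit` flag is wired in are all assumptions made for the example.

```php
<?php
// Added illustration for this page (not baserCMS code). All names below are
// assumptions: $feedSettings, renderVulnerable(), renderEscaped(),
// renderSettingsPage() and the wiring of the BcApp.allowedThemeEdit flag.

// Constructed sample: an admin-stored feed setting carrying script payloads.
$feedSettings = [
    'name'  => 'News feed',
    'url'   => 'https://example.invalid/feed" onmouseover="alert(document.cookie)',
    'title' => '<script>alert(1)</script>',
];

// Vulnerable pattern: stored values are concatenated into HTML with no
// output encoding, so the attribute and element payloads above render as-is.
function renderVulnerable(array $s): string
{
    return '<input name="title" value="' . $s['title'] . '">'
         . '<a href="' . $s['url'] . '">' . $s['name'] . '</a>';
}

// Hardened pattern: encode for the HTML context at the point of output.
// CakePHP's h() helper is a thin wrapper around htmlspecialchars(); the
// built-in is used directly here so the script runs stand-alone.
function esc(string $v): string
{
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderEscaped(array $s): string
{
    return '<input name="title" value="' . esc($s['title']) . '">'
         . '<a href="' . esc($s['url']) . '">' . esc($s['name']) . '</a>';
}

// Access-control gate, the kind of change the diff shows: it decides whether
// the editor is rendered at all, but does nothing to how values are encoded
// once it is rendered. Pairing it with renderVulnerable() is still XSS for
// any user allowed past the gate.
function renderSettingsPage(array $s, array $config, callable $render): string
{
    if (empty($config['BcApp.allowedThemeEdit'])) {
        return '<p>Editing is disabled by configuration.</p>';
    }
    return $render($s);
}

// Minimal check: the raw payload fragments must not survive in the output.
function containsRawPayload(string $html): bool
{
    return strpos($html, '<script>') !== false
        || strpos($html, 'onmouseover="') !== false;
}

$config = ['BcApp.allowedThemeEdit' => true];

$vuln = renderSettingsPage($feedSettings, $config, 'renderVulnerable');
$safe = renderSettingsPage($feedSettings, $config, 'renderEscaped');

echo "--- vulnerable (gate on, no encoding) ---\n", $vuln, "\n";
echo "raw payload present: ", containsRawPayload($vuln) ? "yes" : "no", "\n\n";

echo "--- escaped (gate on, encoding at output) ---\n", $safe, "\n";
echo "raw payload present: ", containsRawPayload($safe) ? "yes" : "no", "\n";
```

Run it with `php example.php`; the first block prints the payloads verbatim and the second prints them as `&lt;script&gt;` and `&quot;`. One caveat a reviewer would raise even for the hardened form: attribute encoding stops markup and attribute injection but does not validate URL schemes, so a `javascript:` value in `url` would still need a scheme allowlist before being placed in `href`.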