CVE-2020-15154

Name of the Vulnerable Software and Affected Versions baserCMS versions 4.0.0 through 4.3.6

Description The issue is related to Cross Site Scripting (XSS) via arbitrary script execution, requiring admin access to exploit. The affected components include content fields.php, content info.php, content options.php, content related.php, index list tree.php, and jquery.bcTree.js.

Recommendations For versions 4.0.0 through 4.3.6, update to version 4.3.7 to resolve the issue. As a temporary workaround, consider restricting access to the affected components until the update is applied.