VYPR
Low severity · NVD Advisory · Published Aug 28, 2020 · Updated Aug 4, 2024

Cross-Site Scripting in baserCMS

CVE-2020-15155

Description

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected component is toolbar.php. The issue is fixed in version 4.3.7.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

baserCMS 4.3.6 and earlier contains a stored XSS vulnerability in toolbar.php, exploitable by authenticated administrators, patched in 4.3.7.

CVE-2020-15155 describes a cross-site scripting (XSS) vulnerability in baserCMS versions 4.3.6 and earlier. The flaw resides in the toolbar element toolbar.php (present both in lib/Baser/View/Elements/admin/ and in the admin-third theme), where two admin-controlled values, the site's formal_name setting and the auth prefix name ($authName), were concatenated into the toolbar's logo link without output escaping. An administrator who stores markup in the site name therefore injects script into every page on which the toolbar is rendered. This is stored XSS: the payload persists in the site configuration and executes each time another user who sees the toolbar loads a page [1][4].

Exploitation requires administrative access to the baserCMS admin panel: the attacker needs a valid admin session with permission to change the system settings in which the site name is stored, and nothing else (no authentication bypass and no particular network position). The advisory notes that the issue matters where the admin interface is shared among several users, because the payload targets the other users who view the toolbar rather than the attacker's own session [3][4].

Successful exploitation runs attacker-controlled JavaScript in another administrator's browser, in the origin of the CMS. From there the script can read whatever the page can (session cookies unless they carry the HttpOnly flag) and issue authenticated requests to the admin controllers on the victim's behalf, such as modifying site content, altering settings or creating users, so one malicious or compromised admin account can take over the whole instance [1][4]. Because the toolbar is also rendered on public pages for logged-in users, the payload fires on the front end as well as inside the admin interface.

The vulnerability is fixed in baserCMS version 4.3.7. The fix commit wraps formal_name and $authName in h() in the admin-third theme's toolbar element and passes ['escape' => true] to the link helper in lib/Baser/View/Elements/admin/toolbar.php, so the values are entity-encoded at the point of output [2][3]. Sites that cannot upgrade immediately can apply the same two-file change from the commit; because the payload is stored, the current formal_name value in the system settings should also be inspected for markup, since patching the template only stops it from executing.
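The following PHP is an added example, not code from baserCMS or its fix commit. It reproduces the rendering path the commit changes, the toolbar logo text built from siteConfig['formal_name'], once as baserCMS 4.3.6 concatenated it and once with output escaping as in 4.3.7, and adds the two checks a practitioner wants: whether a stored payload survives into the rendered markup, and whether an installed version falls in the advisory's affected range. CakePHP's h() is not available stand-alone, so the script defines its own esc() with the same htmlspecialchars defaults (an assumption); the payload and site configuration are constructed sample data, and the markup around the site name is simplified from the template.

```php
<?php
// Added example for CVE-2020-15155 (not baserCMS code). Models the injection
// point shown in the fix commit: $this->BcBaser->siteConfig['formal_name'],
// an admin-editable setting, concatenated into the toolbar logo link.
declare(strict_types=1);

/**
 * Stand-in for CakePHP's h(): entity-encode a value for an HTML text or
 * attribute context. Assumption: same defaults as h() (ENT_QUOTES, UTF-8,
 * double-encode on).
 */
function esc(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', true);
}

/** Vulnerable rendering (baserCMS <= 4.3.6): formal_name is concatenated raw. */
function renderToolbarLogoVulnerable(array $siteConfig): string
{
    return '<a class="bca-toolbar__logo-link" href="/">'
        . '<span class="bca-toolbar__logo-text">'
        . $siteConfig['formal_name']
        . '</span></a>';
}

/** Fixed rendering (4.3.7): the value passes through h() before concatenation. */
function renderToolbarLogoFixed(array $siteConfig): string
{
    return '<a class="bca-toolbar__logo-link" href="/">'
        . '<span class="bca-toolbar__logo-text">'
        . esc($siteConfig['formal_name'])
        . '</span></a>';
}

/**
 * Check a rendered page: true when the stored payload reached the markup
 * unchanged, i.e. the template did not escape it.
 */
function payloadSurvives(string $html, string $payload): bool
{
    return strpos($html, $payload) !== false;
}

/** Affected range from the advisory: >= 4.0.0, < 4.3.7. */
function isAffectedVersion(string $version): bool
{
    return version_compare($version, '4.0.0', '>=')
        && version_compare($version, '4.3.7', '<');
}

// Constructed sample: a site name an administrator could save through the
// system settings form. An event handler is used as the canary because no
// <script> tag is needed for the toolbar, which is rendered for every
// logged-in user, to execute it.
$payload    = '<img src=x onerror="alert(document.domain)">';
$siteConfig = ['formal_name' => 'Example Site ' . $payload];

$vulnerable = renderToolbarLogoVulnerable($siteConfig);
$fixed      = renderToolbarLogoFixed($siteConfig);

printf("vulnerable: %s\n", $vulnerable);
printf("fixed:      %s\n", $fixed);
printf("payload survives (vulnerable): %s\n", payloadSurvives($vulnerable, $payload) ? 'yes' : 'no');
printf("payload survives (fixed):      %s\n", payloadSurvives($fixed, $payload) ? 'yes' : 'no');
printf("4.3.6 affected: %s, 4.3.7 affected: %s\n",
    isAffectedVersion('4.3.6') ? 'yes' : 'no',
    isAffectedVersion('4.3.7') ? 'yes' : 'no');
```

The escaping happens at output, not on save: the stored formal_name still contains the markup after the fix, which is why payloadSurvives() is run against rendered HTML rather than the configuration value, and why an existing installation should have its site name reviewed after patching.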

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                            Affected versions    Patched versions
baserproject/basercms (Packagist)  >= 4.0.0, < 4.3.7    4.3.7

Affected products

2

Patches

1
94cbfab74c9f

Merge pull request from GHSA-4r3m-j6x5-48m3

https://github.com/baserproject/basercms · baserproject · Aug 19, 2020 · via ghsa
2 files changed · +40 −36
  • app/webroot/theme/admin-third/Elements/admin/toolbar.php  +38 −34  modified
    @@ -39,52 +39,54 @@
     <div id="ToolBar" class="bca-toolbar">
     	<div id="ToolbarInner" class="clearfix bca-toolbar__body">
     		<div class="bca-toolbar__logo">
    -			<?php
    -				# インストール画面
    -				if ($this->name == 'Installations'): ?>
    +			<?php // インストール画面 ?>
    +			<?php if ($this->name == 'Installations'): ?>
     				<?php $this->BcBaser->link(
     						$this->BcBaser->getImg('admin/logo_icon.svg', ['alt' => '', 'width' => '24', 'height' => '21', 'class' => 'bca-toolbar__logo-symbol']) . 
     				        '<span class="bca-toolbar__logo-text">' . __d('baser', 'インストールマニュアル') . '</span>', 
    -                        'https://basercms.net/manuals/introductions/4.html', ['target' => '_blank', 'class' => 'bca-toolbar__logo-link']) ?>
    -			<?php
    -				# バージョンアップ画面
    -				elseif (Configure::read('BcRequest.isUpdater')): ?>
    +						'https://basercms.net/manuals/introductions/4.html',
    +						['target' => '_blank', 'class' => 'bca-toolbar__logo-link']
    +				) ?>
    +						
    +			<?php // バージョンアップ画面 ?>
    +			<?php elseif (Configure::read('BcRequest.isUpdater')): ?>
     				<?php $this->BcBaser->link(
     						$this->BcBaser->getImg('admin/logo_icon.svg', ['alt' => '', 'width' => '24', 'height' => '21', 'class' => 'bca-toolbar__logo-symbol']) .
     						'<span class="bca-toolbar__logo-text">' . __d('baser', 'アップデートマニュアル') . '</span>', 
    -                        'https://basercms.net/manuals/introductions/8.html', ['target' => '_blank', 'class' => 'bca-toolbar__logo-link']) ?>
    -			<?php
    -				# 通常
    -				elseif (!empty($this->request->params['admin']) || ('/' . $this->request->url) == $loginUrl): ?>
    +						'https://basercms.net/manuals/introductions/8.html',
    +						['target' => '_blank', 'class' => 'bca-toolbar__logo-link']
    +				) ?>
    +						
    +			<?php // 通常管理画面 ?>
    +			<?php elseif (!empty($this->request->params['admin']) || ('/' . $this->request->url) == $loginUrl): ?>
     				<?php
     					$this->BcBaser->link(
     						$this->BcBaser->getImg('admin/logo_icon.svg', ['alt' => '', 'width' => '24', 'height' => '21', 'class' => 'bca-toolbar__logo-symbol'])
    -							.'<span class="bca-toolbar__logo-text">'
    -							.$this->BcBaser->siteConfig['formal_name']
    -							.'</span>', '/'
    +							. '<span class="bca-toolbar__logo-text">'
    +							. h($this->BcBaser->siteConfig['formal_name'])
    +							. '</span>', '/'
     						,
     						['class' => 'bca-toolbar__logo-link']
     					)
     				?>
    -			<?php
    -				else: ?>
    -				<?php
    -					# 管理画面にアクセス可能な権限がある場合
    -					if (in_array('admin', $currentUserAuthPrefixes)): ?>
    +				
    +			<?php // 公開画面 ?>
    +			<?php else: ?>
    +				<?php // 管理画面にアクセス可能な権限がある場合 ?>
    +				<?php if (in_array('admin', $currentUserAuthPrefixes)): ?>
     					<?php
     					$this->BcBaser->link(
     						$this->BcBaser->getImg('admin/logo_icon.svg', ['alt' => '', 'width' => '24', 'height' => '21', 'class' => 'bca-toolbar__logo-symbol'])
    -							.'<span class="bca-toolbar__logo-text">'
    -							.$this->BcBaser->siteConfig['formal_name']
    -							.'</span>', ['plugin' => null, 'admin' => true, 'controller' => 'dashboard', 'action' => 'index']
    +							. '<span class="bca-toolbar__logo-text">'
    +							. h($this->BcBaser->siteConfig['formal_name'])
    +							. '</span>', ['plugin' => null, 'admin' => true, 'controller' => 'dashboard', 'action' => 'index']
     						,
     						['class' => 'bca-toolbar__logo-link']
     					)
     					?>
    -				<?php
    -				# 管理画面にアクセス権限がない場合
    -				else: ?>
    -					<?php $this->BcBaser->link($authName, Configure::read('BcAuthPrefix.' . $currentPrefix . '.loginRedirect'), ['title' => $authName]) ?>
    +				<?php // 管理画面にアクセス権限がない場合 ?>
    +				<?php else: ?>
    +					<?php $this->BcBaser->link(h($authName), Configure::read('BcAuthPrefix.' . $currentPrefix . '.loginRedirect'), ['title' => h($authName)]) ?>
     				<?php endif ?>
     			<?php endif ?>
     		</div>
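Review bot: `'title' => h($authName)` on the non-admin link will be entity-encoded a second time if BcBaser->link escapes attribute values, as CakePHP's HtmlHelper does unless `escape => false` is passed; with h()'s default double-encode an `&` in the name then renders as `&amp;amp;` in the tooltip. Keep h() on the link text, but pass `$authName` raw in the `title` option and let the helper's attribute escaping handle it, or set the helper's escape option explicitly so the behaviour is deliberate rather than incidental. Separately, the two `h($this->BcBaser->siteConfig['formal_name'])` calls and the `h($authName)` change are the entire security fix in this hunk, yet they sit inside a wholesale rewrite of the `#` comments, indentation and argument layout; keeping the cosmetic changes out of the security patch would make it far easier to review and to backport to 4.3.x.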
    @@ -112,14 +114,16 @@
     		<div id="UserMenu" class="bca-toolbar__users">
     			<ul class="clearfix">
     				<?php
    -				# TODO: お気に入りを表示(サイドメニューとのイベント処理・同期・スタイルの調整を検討中)
    -				# <li>
    -				# <a href="javascript:void(0)" class="title"><?php echo __d('baser', 'お気に入り') ? ><img src="/theme/admin-third/img/admin/btn_dropdown.png" width="8" height="11" class="bc-btn"></a>
    -				#	<div id="FavoriteArea" hidden>
    -				#		<?php $this->BcBaser->element('favorite_menu') ? >
    -				#		<?php $this->BcBaser->element('permission') ? >
    -				#	</div>
    -				#</li>
    +				/**
    +				 * TODO: お気に入りを表示(サイドメニューとのイベント処理・同期・スタイルの調整を検討中)
    +				 * <li>
    +				 * <a href="javascript:void(0)" class="title"><?php echo __d('baser', 'お気に入り') ? ><img src="/theme/admin-third/img/admin/btn_dropdown.png" width="8" height="11" class="bc-btn"></a>
    +				 * 	<div id="FavoriteArea" hidden>
    +				 * 		<?php $this->BcBaser->element('favorite_menu') ? >
    +				 * 		<?php $this->BcBaser->element('permission') ? >
    +				 * 	</div>
    +				 * </li>
    +				 */
     				?>
     				<li>
     					<?php if (!empty($user)): ?>
    
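Review bot: this hunk only turns the commented-out favourites menu from `#` lines into a docblock and has no bearing on the XSS fix, so it belongs in a separate change rather than in a security patch. Note that the `? >` spacing was required in the original form because `?>` terminates PHP mode even inside a `#` line comment; inside the new `/** ... */` block it is no longer needed, but it is harmless and should be left alone rather than "fixed" to `?>` by someone reflowing the comment later.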
  • lib/Baser/View/Elements/admin/toolbar.php  +2 −2  modified
    @@ -47,12 +47,12 @@
     				<?php elseif (Configure::read('BcRequest.isUpdater')): ?>
     					<li><?php $this->BcBaser->link(__d('baser', 'アップデートマニュアル'), 'http://wiki.basercms.net/%E3%83%90%E3%83%BC%E3%82%B8%E3%83%A7%E3%83%B3%E3%82%A2%E3%83%83%E3%83%97%E3%82%AC%E3%82%A4%E3%83%89', ['target' => '_blank', 'class' => 'tool-menu']) ?></li>
     				<?php elseif (!empty($this->request->params['admin']) || ('/' . $this->request->url) == $loginUrl): ?>	
    -					<li><?php $this->BcBaser->link($this->BcBaser->siteConfig['formal_name'], '/') ?></li>
    +					<li><?php $this->BcBaser->link($this->BcBaser->siteConfig['formal_name'], '/', ['escape' => true]) ?></li>
     				<?php else: ?>
     					<?php if (in_array('admin', $currentUserAuthPrefixes)): ?>
     						<li><?php $this->BcBaser->link($this->BcBaser->getImg('admin/btn_logo.png', ['alt' => __d('baser', 'baserCMS管理システム'), 'class' => 'bc-btn']), ['plugin' => null, 'admin' => true, 'controller' => 'dashboard', 'action' => 'index'], ['title' => __d('baser', 'baserCMS管理システム')]) ?></li>
     					<?php else: ?>
    -						<li><?php $this->BcBaser->link($authName, Configure::read('BcAuthPrefix.' . $currentPrefix . '.loginRedirect'), ['title' => $authName]) ?></li>
    +						<li><?php $this->BcBaser->link($authName, Configure::read('BcAuthPrefix.' . $currentPrefix . '.loginRedirect'), ['title' => $authName, 'escape' => ture]) ?></li>
     					<?php endif ?>
     				<?php endif ?>
     				<?php if ($this->BcBaser->existsEditLink() && !isset($this->request->query['preview'])): ?>
    
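Review bot: `'escape' => ture` on the `$authName` link is a typo for `true`. As written it is an undefined constant: PHP 7 reports a notice or warning and evaluates it as the string 'ture', which happens to be truthy so escaping still occurs, but PHP 8 throws an Error and breaks the toolbar for every logged-in user without admin access. Change it to `true`. Also, this file relies on the link helper's `escape` option while the admin-third copy of the same element wraps the values in h() directly; pick one approach for both files, and confirm that BcBaserHelper::link honours `escape` for both the link text and the `title` attribute, since otherwise `formal_name` remains unescaped in this template after the patch.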

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

5

News mentions

0

No linked articles in our index yet.