Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/228282?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/228282?format=api", "purl": "pkg:composer/baserproject/basercms@4.0.0-beta", "type": "composer", "namespace": "baserproject", "name": "basercms", "version": "4.0.0-beta", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.4.5", "latest_non_vulnerable_version": "5.2.3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54253?format=api", "vulnerability_id": "VCID-1q79-sxzp-zker", "summary": "OS Command Injection\nbaserCMS allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20682", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02357", "scoring_system": "epss", "scoring_elements": "0.8521", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20682" }, { "reference_url": "https://basercms.net/security/JVN64869876", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://basercms.net/security/JVN64869876" }, { "reference_url": "https://jvn.jp/en/jp/JVN64869876/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jvn.jp/en/jp/JVN64869876/index.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20682", "reference_id": "CVE-2021-20682", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20682" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80118?format=api", "purl": "pkg:composer/baserproject/basercms@4.4.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.4.5" } ], "aliases": [ "CVE-2021-20682", "GHSA-g39q-f4rm-85x4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1q79-sxzp-zker" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40410?format=api", "vulnerability_id": "VCID-9mf7-56fh-fyfk", "summary": "Cross-site Scripting\nAn issue was discovered in baserCMS In the Register New Category feature of the Upload menu, the category name can be used for XSS via the `data[UploaderCategory][name]` parameter to an `admin/uploader/uploader_categories/edit` URI.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18943", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00305", "scoring_system": "epss", "scoring_elements": "0.54037", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18943" }, { "reference_url": "https://basercms.net/release/4_1_4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://basercms.net/release/4_1_4" }, { "reference_url": "https://web.archive.org/web/20200130073341/https://basercms.net/release/4_1_4", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200130073341/https://basercms.net/release/4_1_4" }, { "reference_url": "https://web.archive.org/web/20211209034642/http://sunu11.com/2018/10/31/baserCMS", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20211209034642/http://sunu11.com/2018/10/31/baserCMS" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18943", "reference_id": "CVE-2018-18943", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18943" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56953?format=api", "purl": "pkg:composer/baserproject/basercms@4.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q79-sxzp-zker" }, { "vulnerability": "VCID-d5gk-q2hh-kba5" }, { "vulnerability": "VCID-eq7f-n3g5-s3hu" }, { "vulnerability": "VCID-p6nr-eu91-53b4" }, { "vulnerability": "VCID-twf5-bzba-gqb4" }, { "vulnerability": "VCID-vqx2-hzju-r7et" }, { "vulnerability": "VCID-wvnk-63hy-ykeq" }, { "vulnerability": "VCID-xpsb-2yux-g3cf" }, { "vulnerability": "VCID-xxud-7jsh-bbc1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.1.4" } ], "aliases": [ "CVE-2018-18943", "GHSA-fx2m-5m9v-jhgp" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9mf7-56fh-fyfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52933?format=api", "vulnerability_id": "VCID-d5gk-q2hh-kba5", "summary": "Cross-site Scripting\nbaserCMS `content_info.php`, `content_options.php`, `content_related.php`, `index_list_tree.php`, `jquery.bcTree.js`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15154", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00784", "scoring_system": "epss", "scoring_elements": "0.74124", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15154" }, { "reference_url": "https://basercms.net/security/20200827", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://basercms.net/security/20200827" }, { "reference_url": "https://github.com/baserproject/basercms/commit/7f4b905b90954e394ec10dd35bad2a5dec505371", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/commit/7f4b905b90954e394ec10dd35bad2a5dec505371" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-cpxc-67rc-c775", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-cpxc-67rc-c775" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15154", "reference_id": "CVE-2020-15154", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77910?format=api", "purl": "pkg:composer/baserproject/basercms@4.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q79-sxzp-zker" }, { "vulnerability": "VCID-eq7f-n3g5-s3hu" }, { "vulnerability": "VCID-twf5-bzba-gqb4" }, { "vulnerability": "VCID-wvnk-63hy-ykeq" }, { "vulnerability": "VCID-xpsb-2yux-g3cf" }, { "vulnerability": "VCID-xxud-7jsh-bbc1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.3.7" } ], "aliases": [ "CVE-2020-15154", "GHSA-cpxc-67rc-c775" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d5gk-q2hh-kba5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54257?format=api", "vulnerability_id": "VCID-eq7f-n3g5-s3hu", "summary": "Cross-site Scripting\nImproper neutralization of JavaScript input in the page editing function of baserCMS allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20681", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42327", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20681" }, { "reference_url": "https://basercms.net/security/JVN64869876", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://basercms.net/security/JVN64869876" }, { "reference_url": "https://jvn.jp/en/jp/JVN64869876/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jvn.jp/en/jp/JVN64869876/index.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20681", "reference_id": "CVE-2021-20681", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20681" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80118?format=api", "purl": "pkg:composer/baserproject/basercms@4.4.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.4.5" } ], "aliases": [ "CVE-2021-20681", "GHSA-24p5-x9f9-vvpx" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eq7f-n3g5-s3hu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40409?format=api", "vulnerability_id": "VCID-gsg3-fdmu-vqag", "summary": "Improper Input Validation\nbaserCMS allows remote attackers to execute arbitrary PHP code via the `admin/theme_configs/form`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18942", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00928", "scoring_system": "epss", "scoring_elements": "0.76457", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18942" }, { "reference_url": "https://basercms.net/release/4_1_4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://basercms.net/release/4_1_4" }, { "reference_url": "https://github.com/baserproject/basercms/issues/959", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/issues/959" }, { "reference_url": "https://web.archive.org/web/20200130073341/https://basercms.net/release/4_1_4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200130073341/https://basercms.net/release/4_1_4" }, { "reference_url": "https://web.archive.org/web/20211209034642/http://sunu11.com/2018/10/31/baserCMS", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20211209034642/http://sunu11.com/2018/10/31/baserCMS" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18942", "reference_id": "CVE-2018-18942", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18942" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56953?format=api", "purl": "pkg:composer/baserproject/basercms@4.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q79-sxzp-zker" }, { "vulnerability": "VCID-d5gk-q2hh-kba5" }, { "vulnerability": "VCID-eq7f-n3g5-s3hu" }, { "vulnerability": "VCID-p6nr-eu91-53b4" }, { "vulnerability": "VCID-twf5-bzba-gqb4" }, { "vulnerability": "VCID-vqx2-hzju-r7et" }, { "vulnerability": "VCID-wvnk-63hy-ykeq" }, { "vulnerability": "VCID-xpsb-2yux-g3cf" }, { "vulnerability": "VCID-xxud-7jsh-bbc1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.1.4" } ], "aliases": [ "CVE-2018-18942", "GHSA-rjc2-x53r-6c9r" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gsg3-fdmu-vqag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52930?format=api", "vulnerability_id": "VCID-p6nr-eu91-53b4", "summary": "Cross-site Scripting\nbaserCMS is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The affected components are `ThemeFilesController.php` and `UploaderFilesController.php`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15159", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01563", "scoring_system": "epss", "scoring_elements": "0.81826", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15159" }, { "reference_url": "https://basercms.net/security/20200827", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://basercms.net/security/20200827" }, { "reference_url": "https://github.com/baserproject/basercms/commit/16a7b3cd09a0ca355474119c76897eac2034a66d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/commit/16a7b3cd09a0ca355474119c76897eac2034a66d" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-673x-f5wx-fxpw", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-673x-f5wx-fxpw" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15159", "reference_id": "CVE-2020-15159", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15159" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77910?format=api", "purl": "pkg:composer/baserproject/basercms@4.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q79-sxzp-zker" }, { "vulnerability": "VCID-eq7f-n3g5-s3hu" }, { "vulnerability": "VCID-twf5-bzba-gqb4" }, { "vulnerability": "VCID-wvnk-63hy-ykeq" }, { "vulnerability": "VCID-xpsb-2yux-g3cf" }, { "vulnerability": "VCID-xxud-7jsh-bbc1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.3.7" } ], "aliases": [ "CVE-2020-15159", "GHSA-673x-f5wx-fxpw" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p6nr-eu91-53b4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52932?format=api", "vulnerability_id": "VCID-vqx2-hzju-r7et", "summary": "Cross-site Scripting\nbaserCMS is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components is `toolbar.php`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15155", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00868", "scoring_system": "epss", "scoring_elements": "0.75527", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15155" }, { "reference_url": "https://basercms.net/security/20200827", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://basercms.net/security/20200827" }, { "reference_url": "https://github.com/baserproject/basercms/commit/94cbfab74c9fd6d04492597a1a684674c3c0e30f", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/commit/94cbfab74c9fd6d04492597a1a684674c3c0e30f" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-4r3m-j6x5-48m3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-4r3m-j6x5-48m3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15155", "reference_id": "CVE-2020-15155", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15155" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77910?format=api", "purl": "pkg:composer/baserproject/basercms@4.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q79-sxzp-zker" }, { "vulnerability": "VCID-eq7f-n3g5-s3hu" }, { "vulnerability": "VCID-twf5-bzba-gqb4" }, { "vulnerability": "VCID-wvnk-63hy-ykeq" }, { "vulnerability": "VCID-xpsb-2yux-g3cf" }, { "vulnerability": "VCID-xxud-7jsh-bbc1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.3.7" } ], "aliases": [ "CVE-2020-15155", "GHSA-4r3m-j6x5-48m3" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vqx2-hzju-r7et" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54254?format=api", "vulnerability_id": "VCID-xpsb-2yux-g3cf", "summary": "Cross-site Scripting\nImproper neutralization of JavaScript input in the blog article editing function of baserCMS allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20683", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42327", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20683" }, { "reference_url": "https://basercms.net/security/JVN64869876", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://basercms.net/security/JVN64869876" }, { "reference_url": "https://github.com/baserproject/basercms/commit/88ccc61e5656b05dd13204d61de706efaa2cd0b1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/commit/88ccc61e5656b05dd13204d61de706efaa2cd0b1" }, { "reference_url": "https://jvn.jp/en/jp/JVN64869876/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jvn.jp/en/jp/JVN64869876/index.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20683", "reference_id": "CVE-2021-20683", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20683" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80118?format=api", "purl": "pkg:composer/baserproject/basercms@4.4.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.4.5" } ], "aliases": [ "CVE-2021-20683", "GHSA-v9w8-hq92-v39m" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xpsb-2yux-g3cf" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.0.0-beta" }