Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/295802?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/295802?format=api", "purl": "pkg:composer/baserproject/basercms@4.4.3", "type": "composer", "namespace": "baserproject", "name": "basercms", "version": "4.4.3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.1.2", "latest_non_vulnerable_version": "5.2.3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54253?format=api", "vulnerability_id": "VCID-1q79-sxzp-zker", "summary": "OS Command Injection\nbaserCMS allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20682", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02357", "scoring_system": "epss", "scoring_elements": "0.8521", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02357", "scoring_system": "epss", "scoring_elements": "0.85235", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20682" }, { "reference_url": "https://basercms.net/security/JVN64869876", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://basercms.net/security/JVN64869876" }, { "reference_url": "https://jvn.jp/en/jp/JVN64869876/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jvn.jp/en/jp/JVN64869876/index.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20682", "reference_id": "CVE-2021-20682", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20682" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80118?format=api", "purl": "pkg:composer/baserproject/basercms@4.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ay3-1t5g-vycu" }, { "vulnerability": "VCID-891u-x525-ykbb" }, { "vulnerability": "VCID-ays7-6wvh-augt" }, { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-hpk4-a6tr-3ffe" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-k575-suuf-7bhf" }, { "vulnerability": "VCID-khft-xvrw-g3dr" }, { "vulnerability": "VCID-kmpp-6j49-pqfz" }, { "vulnerability": "VCID-mfm9-gsh3-ubg8" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-p695-t9ye-v3ga" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-sqr4-v889-tff8" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.4.5" } ], "aliases": [ "CVE-2021-20682", "GHSA-g39q-f4rm-85x4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1q79-sxzp-zker" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41774?format=api", "vulnerability_id": "VCID-5ay3-1t5g-vycu", "summary": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nBaserCMS is an open source content management system with a focus on Japanese language support. Users with upload privilege may upload crafted zip files capable of path traversal on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41279", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.6349", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63447", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41279" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://github.com/baserproject/basercms/commit/d8ab0a81a7bce35cc95ff7dff851a7e87a084336", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/commit/d8ab0a81a7bce35cc95ff7dff851a7e87a084336" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41279", "reference_id": "CVE-2021-41279", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41279" }, { "reference_url": "https://github.com/advisories/GHSA-4x2f-54wr-4hjg", "reference_id": "GHSA-4x2f-54wr-4hjg", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4x2f-54wr-4hjg" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-4x2f-54wr-4hjg", "reference_id": "GHSA-4x2f-54wr-4hjg", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-4x2f-54wr-4hjg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59671?format=api", "purl": "pkg:composer/baserproject/basercms@4.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ays7-6wvh-augt" }, { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-k575-suuf-7bhf" }, { "vulnerability": "VCID-khft-xvrw-g3dr" }, { "vulnerability": "VCID-kmpp-6j49-pqfz" }, { "vulnerability": "VCID-mfm9-gsh3-ubg8" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-p695-t9ye-v3ga" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-sqr4-v889-tff8" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.5.4" } ], "aliases": [ "CVE-2021-41279", "GHSA-4x2f-54wr-4hjg" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5ay3-1t5g-vycu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41773?format=api", "vulnerability_id": "VCID-891u-x525-ykbb", "summary": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nThere is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users with permissions to upload files may upload crafted zip files which may execute arbitrary commands on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41243", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02799", "scoring_system": "epss", "scoring_elements": "0.86405", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02799", "scoring_system": "epss", "scoring_elements": "0.86382", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41243" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://github.com/baserproject/basercms/commit/9088b99c329d1faff3a2f1269f37b9a9d8d5f6ff", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/commit/9088b99c329d1faff3a2f1269f37b9a9d8d5f6ff" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41243", "reference_id": "CVE-2021-41243", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41243" }, { "reference_url": "https://github.com/advisories/GHSA-7rpc-9m88-cf9w", "reference_id": "GHSA-7rpc-9m88-cf9w", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7rpc-9m88-cf9w" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-7rpc-9m88-cf9w", "reference_id": "GHSA-7rpc-9m88-cf9w", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-7rpc-9m88-cf9w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59671?format=api", "purl": "pkg:composer/baserproject/basercms@4.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ays7-6wvh-augt" }, { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-k575-suuf-7bhf" }, { "vulnerability": "VCID-khft-xvrw-g3dr" }, { "vulnerability": "VCID-kmpp-6j49-pqfz" }, { "vulnerability": "VCID-mfm9-gsh3-ubg8" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-p695-t9ye-v3ga" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-sqr4-v889-tff8" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.5.4" } ], "aliases": [ "CVE-2021-41243", "GHSA-7rpc-9m88-cf9w" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-891u-x525-ykbb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/109472?format=api", "vulnerability_id": "VCID-ays7-6wvh-augt", "summary": "baserCMS vulnerable to stored Cross-site Scripting\nStored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-42486", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.3445", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34547", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-42486" }, { "reference_url": "https://basercms.net/security/JVN_53682526", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T16:01:40Z/" } ], "url": "https://basercms.net/security/JVN_53682526" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://jvn.jp/en/jp/JVN53682526/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T16:01:40Z/" } ], "url": "https://jvn.jp/en/jp/JVN53682526/index.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42486", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42486" }, { "reference_url": "https://github.com/advisories/GHSA-7w2v-35j3-xrm9", "reference_id": "GHSA-7w2v-35j3-xrm9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7w2v-35j3-xrm9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/146599?format=api", "purl": "pkg:composer/baserproject/basercms@4.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-khft-xvrw-g3dr" }, { "vulnerability": "VCID-mfm9-gsh3-ubg8" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-p695-t9ye-v3ga" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-sqr4-v889-tff8" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" }, { "vulnerability": "VCID-zxns-tzw3-27fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.7.2" } ], "aliases": [ "CVE-2022-42486", "GHSA-7w2v-35j3-xrm9" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ays7-6wvh-augt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54257?format=api", "vulnerability_id": "VCID-eq7f-n3g5-s3hu", "summary": "Cross-site Scripting\nImproper neutralization of JavaScript input in the page editing function of baserCMS allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20681", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42327", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42402", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20681" }, { "reference_url": "https://basercms.net/security/JVN64869876", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://basercms.net/security/JVN64869876" }, { "reference_url": "https://jvn.jp/en/jp/JVN64869876/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jvn.jp/en/jp/JVN64869876/index.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20681", "reference_id": "CVE-2021-20681", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20681" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80118?format=api", "purl": "pkg:composer/baserproject/basercms@4.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ay3-1t5g-vycu" }, { "vulnerability": "VCID-891u-x525-ykbb" }, { "vulnerability": "VCID-ays7-6wvh-augt" }, { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-hpk4-a6tr-3ffe" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-k575-suuf-7bhf" }, { "vulnerability": "VCID-khft-xvrw-g3dr" }, { "vulnerability": "VCID-kmpp-6j49-pqfz" }, { "vulnerability": "VCID-mfm9-gsh3-ubg8" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-p695-t9ye-v3ga" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-sqr4-v889-tff8" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.4.5" } ], "aliases": [ "CVE-2021-20681", "GHSA-24p5-x9f9-vvpx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eq7f-n3g5-s3hu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46297?format=api", "vulnerability_id": "VCID-g56w-z9cx-5ygv", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in baserproject/basercms.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29009", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.68361", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29009" }, { "reference_url": "https://basercms.net/security/JVN_45547161", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T14:59:04Z/" } ], "url": "https://basercms.net/security/JVN_45547161" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://github.com/baserproject/basercms/commit/919c3ccbbd7a2432967dcb2e428131cc7ad71bb2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/commit/919c3ccbbd7a2432967dcb2e428131cc7ad71bb2" }, { "reference_url": "https://github.com/baserproject/basercms/releases/tag/basercms-4.8.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T14:59:04Z/" } ], "url": "https://github.com/baserproject/basercms/releases/tag/basercms-4.8.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29009", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29009" }, { "reference_url": "https://github.com/advisories/GHSA-8vqx-prq4-rqrq", "reference_id": "GHSA-8vqx-prq4-rqrq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8vqx-prq4-rqrq" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-8vqx-prq4-rqrq", "reference_id": "GHSA-8vqx-prq4-rqrq", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T14:59:04Z/" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-8vqx-prq4-rqrq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67525?format=api", "purl": "pkg:composer/baserproject/basercms@4.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-khft-xvrw-g3dr" }, { "vulnerability": "VCID-mfm9-gsh3-ubg8" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-p695-t9ye-v3ga" }, { "vulnerability": "VCID-sqr4-v889-tff8" }, { "vulnerability": "VCID-uedz-j2vn-cbea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/685977?format=api", "purl": "pkg:composer/baserproject/basercms@5.0.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-khft-xvrw-g3dr" }, { "vulnerability": "VCID-mfm9-gsh3-ubg8" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-p695-t9ye-v3ga" }, { "vulnerability": "VCID-sqr4-v889-tff8" }, { "vulnerability": "VCID-uedz-j2vn-cbea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.0-beta1" } ], "aliases": [ "CVE-2023-29009", "GHSA-8vqx-prq4-rqrq" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g56w-z9cx-5ygv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47107?format=api", "vulnerability_id": "VCID-ggv8-3v9t-mfea", "summary": "baserCMS Cross-site Scripting vulnerability in Site search Feature\nThere is a XSS Vulnerability in Site search Feature to baserCMS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44379", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00622", "scoring_system": "epss", "scoring_elements": "0.70549", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44379" }, { "reference_url": "https://basercms.net/security/JVN_73283159", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:39:22Z/" } ], "url": "https://basercms.net/security/JVN_73283159" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://github.com/baserproject/basercms/commit/18549396e5a9b8294306a54a876af164b0b57da4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:39:22Z/" } ], "url": "https://github.com/baserproject/basercms/commit/18549396e5a9b8294306a54a876af164b0b57da4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44379", "reference_id": "CVE-2023-44379", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44379" }, { "reference_url": "https://github.com/advisories/GHSA-66c2-p8rh-qx87", "reference_id": "GHSA-66c2-p8rh-qx87", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-66c2-p8rh-qx87" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-66c2-p8rh-qx87", "reference_id": "GHSA-66c2-p8rh-qx87", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:39:22Z/" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-66c2-p8rh-qx87" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69105?format=api", "purl": "pkg:composer/baserproject/basercms@5.0.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-khft-xvrw-g3dr" }, { "vulnerability": "VCID-mfm9-gsh3-ubg8" }, { "vulnerability": "VCID-p695-t9ye-v3ga" }, { "vulnerability": "VCID-sqr4-v889-tff8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.9" } ], "aliases": [ "CVE-2023-44379", "GHSA-66c2-p8rh-qx87" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ggv8-3v9t-mfea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41362?format=api", "vulnerability_id": "VCID-hpk4-a6tr-3ffe", "summary": "baserCMS is an open source content management system with a focus on Japanese language support. A Cross-site Scripting vulnerability has been identified.", "references": [ { "reference_url": "http://jvn.jp/en/jp/JVN14134801/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvn.jp/en/jp/JVN14134801/index.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39136", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0054", "scoring_system": "epss", "scoring_elements": "0.67989", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0054", "scoring_system": "epss", "scoring_elements": "0.6795", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39136" }, { "reference_url": "https://basercms.net/security/JVN_14134801", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://basercms.net/security/JVN_14134801" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://github.com/baserproject/basercms/commit/568d4cab5ba1cdee7bbf0133c676d02a98f6d7bc", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/commit/568d4cab5ba1cdee7bbf0133c676d02a98f6d7bc" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-hgjr-632x-qpp3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-hgjr-632x-qpp3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39136", "reference_id": "CVE-2021-39136", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39136" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58790?format=api", "purl": "pkg:composer/baserproject/basercms@4.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ay3-1t5g-vycu" }, { "vulnerability": "VCID-891u-x525-ykbb" }, { "vulnerability": "VCID-ays7-6wvh-augt" }, { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-k575-suuf-7bhf" }, { "vulnerability": "VCID-khft-xvrw-g3dr" }, { "vulnerability": "VCID-kmpp-6j49-pqfz" }, { "vulnerability": "VCID-mfm9-gsh3-ubg8" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-p695-t9ye-v3ga" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-sqr4-v889-tff8" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.5.1" } ], "aliases": [ "CVE-2021-39136", "GHSA-hgjr-632x-qpp3" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hpk4-a6tr-3ffe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44713?format=api", "vulnerability_id": "VCID-j37y-gws9-ake9", "summary": "Unrestricted Upload of File with Dangerous Type\nbaserCMS is a Content Management system. Prior to version 4.7.5, there is a Remote Code Execution (RCE) Vulnerability in the management system of baserCMS. Version 4.7.5 contains a patch.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25654", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02083", "scoring_system": "epss", "scoring_elements": "0.84309", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02083", "scoring_system": "epss", "scoring_elements": "0.84332", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25654" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://github.com/baserproject/basercms/commit/002886be0998c74c386e04f0b43688a8a45d7a96", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:31:00Z/" } ], "url": "https://github.com/baserproject/basercms/commit/002886be0998c74c386e04f0b43688a8a45d7a96" }, { "reference_url": "https://github.com/baserproject/basercms/commit/08247f0a633d8e836ce2e5cd2d53aa19901a1359", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:31:00Z/" } ], "url": "https://github.com/baserproject/basercms/commit/08247f0a633d8e836ce2e5cd2d53aa19901a1359" }, { "reference_url": "https://github.com/baserproject/basercms/commit/60f83054d8131b0ace60716cec7e629b5eb3a8f0", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:31:00Z/" } ], "url": "https://github.com/baserproject/basercms/commit/60f83054d8131b0ace60716cec7e629b5eb3a8f0" }, { "reference_url": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:31:00Z/" } ], "url": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25654", "reference_id": "CVE-2023-25654", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25654" }, { "reference_url": "https://github.com/advisories/GHSA-h4cc-fxpp-pgw9", "reference_id": "GHSA-h4cc-fxpp-pgw9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-h4cc-fxpp-pgw9" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-h4cc-fxpp-pgw9", "reference_id": "GHSA-h4cc-fxpp-pgw9", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:31:00Z/" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-h4cc-fxpp-pgw9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64369?format=api", "purl": "pkg:composer/baserproject/basercms@4.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-khft-xvrw-g3dr" }, { "vulnerability": "VCID-mfm9-gsh3-ubg8" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-p695-t9ye-v3ga" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-sqr4-v889-tff8" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-zxns-tzw3-27fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.7.5" } ], "aliases": [ "CVE-2023-25654", "GHSA-h4cc-fxpp-pgw9" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j37y-gws9-ake9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46310?format=api", "vulnerability_id": "VCID-jby7-s5ez-dqb3", "summary": "Cross-Site Request Forgery (CSRF) in baserproject/basercms.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-43649", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.3025", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-43649" }, { "reference_url": "https://basercms.net/security/JVN_99052047", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:21:18Z/" } ], "url": "https://basercms.net/security/JVN_99052047" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://github.com/baserproject/basercms/commit/874c55433fead93e0be9df96fd28740f8047c8b6", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:21:18Z/" } ], "url": "https://github.com/baserproject/basercms/commit/874c55433fead93e0be9df96fd28740f8047c8b6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43649", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43649" }, { "reference_url": "https://github.com/advisories/GHSA-fw9x-cqjq-7jx5", "reference_id": "GHSA-fw9x-cqjq-7jx5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fw9x-cqjq-7jx5" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-fw9x-cqjq-7jx5", "reference_id": "GHSA-fw9x-cqjq-7jx5", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:21:18Z/" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-fw9x-cqjq-7jx5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67525?format=api", "purl": "pkg:composer/baserproject/basercms@4.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-khft-xvrw-g3dr" }, { "vulnerability": "VCID-mfm9-gsh3-ubg8" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-p695-t9ye-v3ga" }, { "vulnerability": "VCID-sqr4-v889-tff8" }, { "vulnerability": "VCID-uedz-j2vn-cbea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/67580?format=api", "purl": "pkg:composer/baserproject/basercms@5.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-khft-xvrw-g3dr" }, { "vulnerability": "VCID-mfm9-gsh3-ubg8" }, { "vulnerability": "VCID-p695-t9ye-v3ga" }, { "vulnerability": "VCID-sqr4-v889-tff8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.0" } ], "aliases": [ "CVE-2023-43649", "GHSA-fw9x-cqjq-7jx5" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jby7-s5ez-dqb3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/109461?format=api", "vulnerability_id": "VCID-k575-suuf-7bhf", "summary": "baserCMS vulnerable to stored Cross-site Scripting\nStored cross-site scripting vulnerability in Permission Settings of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41994", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34314", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34412", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41994" }, { "reference_url": "https://basercms.net/security/JVN_53682526", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:27:38Z/" } ], "url": "https://basercms.net/security/JVN_53682526" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://jvn.jp/en/jp/JVN53682526/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:27:38Z/" } ], "url": "https://jvn.jp/en/jp/JVN53682526/index.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41994", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41994" }, { "reference_url": "https://github.com/advisories/GHSA-vxwf-79ch-f7f7", "reference_id": "GHSA-vxwf-79ch-f7f7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vxwf-79ch-f7f7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/146599?format=api", "purl": "pkg:composer/baserproject/basercms@4.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-khft-xvrw-g3dr" }, { "vulnerability": "VCID-mfm9-gsh3-ubg8" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-p695-t9ye-v3ga" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-sqr4-v889-tff8" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" }, { "vulnerability": "VCID-zxns-tzw3-27fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.7.2" } ], "aliases": [ "CVE-2022-41994", "GHSA-vxwf-79ch-f7f7" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k575-suuf-7bhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56066?format=api", "vulnerability_id": "VCID-khft-xvrw-g3dr", "summary": "baserCMS has a Cross-site Scripting (XSS) Vulnerability in HTTP 400 Bad Request\nXSS vulnerability in HTTP 400 Bad Request to baserCMS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-46995", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0087", "scoring_system": "epss", "scoring_elements": "0.75582", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-46995" }, { "reference_url": "https://basercms.net/security/JVN_00876083", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://basercms.net/security/JVN_00876083" }, { "reference_url": "https://basercms.net/security/JVN_06274755", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:23:15Z/" } ], "url": "https://basercms.net/security/JVN_06274755" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46995", "reference_id": "CVE-2024-46995", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46995" }, { "reference_url": "https://github.com/advisories/GHSA-mr7q-fv7j-jcgv", "reference_id": "GHSA-mr7q-fv7j-jcgv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mr7q-fv7j-jcgv" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-mr7q-fv7j-jcgv", "reference_id": "GHSA-mr7q-fv7j-jcgv", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:23:15Z/" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-mr7q-fv7j-jcgv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83045?format=api", "purl": "pkg:composer/baserproject/basercms@5.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.1.2" } ], "aliases": [ "CVE-2024-46995", "GHSA-mr7q-fv7j-jcgv" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-khft-xvrw-g3dr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110302?format=api", "vulnerability_id": "VCID-kmpp-6j49-pqfz", "summary": "baserproject/basercms vulnerable to cross-site scripting (XSS) vulnerability\nThere is a cross-site scripting vulnerability on the management system of baserCMS.\n\nThis is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users.\nIf you are eligible, please update to the new version as soon as possible.\n\n### Target\nbaserCMS 4.7.1 and earlier versions.\n\n### Vulnerability\nExecution of malicious JavaScript code may alter the display of the page or leak cookie information.\n- In Favorite registration (CVE-2022-39325)\n- In Permission Settings (CVE-2022-41994)\n- In User group management (CVE-2022-42486)\n\n### Countermeasures\nUpdate to the latest version of baserCMS\n\n### Credits\n- Shogo Iyota@Mitsui Bussan Secure Directions, Inc.\n- YUYA KOTAKE@CARTA HOLDINGS, INC.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-39325", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00687", "scoring_system": "epss", "scoring_elements": "0.72163", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00687", "scoring_system": "epss", "scoring_elements": "0.72122", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-39325" }, { "reference_url": "https://basercms.net/security/JVN_53682526", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:00Z/" } ], "url": "https://basercms.net/security/JVN_53682526" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://github.com/baserproject/basercms/commit/b6f8a54e90dee51317eddf517b776fe8b4cd3ef6", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:00Z/" } ], "url": "https://github.com/baserproject/basercms/commit/b6f8a54e90dee51317eddf517b776fe8b4cd3ef6" }, { "reference_url": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.2" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-395x-wv32-44v5", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:00Z/" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-395x-wv32-44v5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39325", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39325" }, { "reference_url": "https://github.com/advisories/GHSA-395x-wv32-44v5", "reference_id": "GHSA-395x-wv32-44v5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-395x-wv32-44v5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/146599?format=api", "purl": "pkg:composer/baserproject/basercms@4.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-khft-xvrw-g3dr" }, { "vulnerability": "VCID-mfm9-gsh3-ubg8" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-p695-t9ye-v3ga" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-sqr4-v889-tff8" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" }, { "vulnerability": "VCID-zxns-tzw3-27fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.7.2" } ], "aliases": [ "CVE-2022-39325", "GHSA-395x-wv32-44v5" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kmpp-6j49-pqfz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56058?format=api", "vulnerability_id": "VCID-mfm9-gsh3-ubg8", "summary": "baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature\nXSS vulnerability in Blog posts feature to baserCMS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-46996", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01236", "scoring_system": "epss", "scoring_elements": "0.79576", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-46996" }, { "reference_url": "https://basercms.net/security/JVN_00876083", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "5.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:22:34Z/" } ], "url": "https://basercms.net/security/JVN_00876083" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "5.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46996", "reference_id": "CVE-2024-46996", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "5.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46996" }, { "reference_url": "https://github.com/advisories/GHSA-66jv-qrm3-vvfg", "reference_id": "GHSA-66jv-qrm3-vvfg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-66jv-qrm3-vvfg" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-66jv-qrm3-vvfg", "reference_id": "GHSA-66jv-qrm3-vvfg", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "5.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:22:34Z/" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-66jv-qrm3-vvfg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83045?format=api", "purl": "pkg:composer/baserproject/basercms@5.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.1.2" } ], "aliases": [ "CVE-2024-46996", "GHSA-66jv-qrm3-vvfg" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mfm9-gsh3-ubg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47109?format=api", "vulnerability_id": "VCID-nxrf-64er-xbfx", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nbaserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the content management feature. Version 5.0.9 contains a fix for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-26128", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02281", "scoring_system": "epss", "scoring_elements": "0.85006", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-26128" }, { "reference_url": "https://basercms.net/security/JVN_73283159", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-12T15:20:28Z/" } ], "url": "https://basercms.net/security/JVN_73283159" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-12T15:20:28Z/" } ], "url": "https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26128", "reference_id": "CVE-2024-26128", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26128" }, { "reference_url": "https://github.com/advisories/GHSA-jjxq-m8h3-4vw5", "reference_id": "GHSA-jjxq-m8h3-4vw5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jjxq-m8h3-4vw5" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5", "reference_id": "GHSA-jjxq-m8h3-4vw5", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-12T15:20:28Z/" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69105?format=api", "purl": "pkg:composer/baserproject/basercms@5.0.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-khft-xvrw-g3dr" }, { "vulnerability": "VCID-mfm9-gsh3-ubg8" }, { "vulnerability": "VCID-p695-t9ye-v3ga" }, { "vulnerability": "VCID-sqr4-v889-tff8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.9" } ], "aliases": [ "CVE-2024-26128", "GHSA-jjxq-m8h3-4vw5" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nxrf-64er-xbfx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56065?format=api", "vulnerability_id": "VCID-p695-t9ye-v3ga", "summary": "baserCMS has a Cross-site Scripting (XSS) Vulnerability in Edit Email Form Settings Feature\nXSS vulnerability in Edit Email Form Settings Feature to baserCMS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-46998", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01064", "scoring_system": "epss", "scoring_elements": "0.7805", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-46998" }, { "reference_url": "https://basercms.net/security/JVN_00876083", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "5.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://basercms.net/security/JVN_00876083" }, { "reference_url": "https://basercms.net/security/JVN_98693329", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "5.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T20:01:19Z/" } ], "url": "https://basercms.net/security/JVN_98693329" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "5.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46998", "reference_id": "CVE-2024-46998", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "5.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46998" }, { "reference_url": "https://github.com/advisories/GHSA-p3m2-mj3j-j49x", "reference_id": "GHSA-p3m2-mj3j-j49x", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-p3m2-mj3j-j49x" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-p3m2-mj3j-j49x", "reference_id": "GHSA-p3m2-mj3j-j49x", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "5.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T20:01:19Z/" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-p3m2-mj3j-j49x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83045?format=api", "purl": "pkg:composer/baserproject/basercms@5.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.1.2" } ], "aliases": [ "CVE-2024-46998", "GHSA-p3m2-mj3j-j49x" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p695-t9ye-v3ga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46312?format=api", "vulnerability_id": "VCID-pd8c-9d7z-zkhg", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in baserproject/basercms.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-43647", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00572", "scoring_system": "epss", "scoring_elements": "0.69062", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-43647" }, { "reference_url": "https://basercms.net/security/JVN_24381990", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T20:12:52Z/" } ], "url": "https://basercms.net/security/JVN_24381990" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://github.com/baserproject/basercms/commit/eb5977533d05db4f3bb03bd19630b66052799b2e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T20:12:52Z/" } ], "url": "https://github.com/baserproject/basercms/commit/eb5977533d05db4f3bb03bd19630b66052799b2e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43647", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43647" }, { "reference_url": "https://github.com/advisories/GHSA-ggj4-78rm-6xgv", "reference_id": "GHSA-ggj4-78rm-6xgv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-ggj4-78rm-6xgv" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-ggj4-78rm-6xgv", "reference_id": "GHSA-ggj4-78rm-6xgv", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T20:12:52Z/" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-ggj4-78rm-6xgv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67525?format=api", "purl": "pkg:composer/baserproject/basercms@4.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-khft-xvrw-g3dr" }, { "vulnerability": "VCID-mfm9-gsh3-ubg8" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-p695-t9ye-v3ga" }, { "vulnerability": "VCID-sqr4-v889-tff8" }, { "vulnerability": "VCID-uedz-j2vn-cbea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/67580?format=api", "purl": "pkg:composer/baserproject/basercms@5.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-khft-xvrw-g3dr" }, { "vulnerability": "VCID-mfm9-gsh3-ubg8" }, { "vulnerability": "VCID-p695-t9ye-v3ga" }, { "vulnerability": "VCID-sqr4-v889-tff8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.0" } ], "aliases": [ "CVE-2023-43647", "GHSA-ggj4-78rm-6xgv" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pd8c-9d7z-zkhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56069?format=api", "vulnerability_id": "VCID-sqr4-v889-tff8", "summary": "baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts and Contents list Feature\nXSS vulnerability in Blog posts and Contents list Feature to baserCMS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-46994", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01179", "scoring_system": "epss", "scoring_elements": "0.79112", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-46994" }, { "reference_url": "https://basercms.net/security/JVN_00876083", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:23:44Z/" } ], "url": "https://basercms.net/security/JVN_00876083" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46994", "reference_id": "CVE-2024-46994", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46994" }, { "reference_url": "https://github.com/advisories/GHSA-wrjc-fmfq-w3jr", "reference_id": "GHSA-wrjc-fmfq-w3jr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wrjc-fmfq-w3jr" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-wrjc-fmfq-w3jr", "reference_id": "GHSA-wrjc-fmfq-w3jr", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:23:44Z/" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-wrjc-fmfq-w3jr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83045?format=api", "purl": "pkg:composer/baserproject/basercms@5.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.1.2" } ], "aliases": [ "CVE-2024-46994", "GHSA-wrjc-fmfq-w3jr" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sqr4-v889-tff8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46308?format=api", "vulnerability_id": "VCID-u16w-rbuk-ybfs", "summary": "baserCMS Directory Traversal vulnerability in Form submission data management Feature\nThere is a Directory Traversal Vulnerability in Form submission data management Feature to baserCMS.\n\nThis is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users.\nIf you are eligible, please update to the new version as soon as possible.\n\n### Target\nbaserCMS 4.7.8 and earlier versions\n\n### Vulnerability\nThere is a possibility that information on the server may be obtained by a user who is logged in to the management screen.\n\n### Countermeasures\nUpdate to the latest version of baserCMS\n\nPlease refer to the following page to reference for more information.\nhttps://basercms.net/security/JVN_45547161\n\n### Credits\nShiga Takuma@BroadBand Security, Inc", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-43648", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52624", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-43648" }, { "reference_url": "https://basercms.net/security/JVN_81174674", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:22:00Z/" } ], "url": "https://basercms.net/security/JVN_81174674" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:22:00Z/" } ], "url": "https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43648", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43648" }, { "reference_url": "https://github.com/advisories/GHSA-hmqj-gv2m-hq55", "reference_id": "GHSA-hmqj-gv2m-hq55", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hmqj-gv2m-hq55" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55", "reference_id": "GHSA-hmqj-gv2m-hq55", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:22:00Z/" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67525?format=api", "purl": "pkg:composer/baserproject/basercms@4.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-khft-xvrw-g3dr" }, { "vulnerability": "VCID-mfm9-gsh3-ubg8" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-p695-t9ye-v3ga" }, { "vulnerability": "VCID-sqr4-v889-tff8" }, { "vulnerability": "VCID-uedz-j2vn-cbea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/67580?format=api", "purl": "pkg:composer/baserproject/basercms@5.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-khft-xvrw-g3dr" }, { "vulnerability": "VCID-mfm9-gsh3-ubg8" }, { "vulnerability": "VCID-p695-t9ye-v3ga" }, { "vulnerability": "VCID-sqr4-v889-tff8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.0" } ], "aliases": [ "CVE-2023-43648", "GHSA-hmqj-gv2m-hq55" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u16w-rbuk-ybfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47096?format=api", "vulnerability_id": "VCID-uedz-j2vn-cbea", "summary": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nbaserCMS is a website development framework. Prior to version 5.0.9, there is an OS Command Injection vulnerability in the site search feature of baserCMS. Version 5.0.9 contains a fix for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-51450", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00755", "scoring_system": "epss", "scoring_elements": "0.73646", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-51450" }, { "reference_url": "https://basercms.net/security/JVN_09767360", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:32:12Z/" } ], "url": "https://basercms.net/security/JVN_09767360" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:32:12Z/" } ], "url": "https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51450", "reference_id": "CVE-2023-51450", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51450" }, { "reference_url": "https://github.com/advisories/GHSA-77fc-4cv5-hmfr", "reference_id": "GHSA-77fc-4cv5-hmfr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-77fc-4cv5-hmfr" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr", "reference_id": "GHSA-77fc-4cv5-hmfr", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:32:12Z/" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69105?format=api", "purl": "pkg:composer/baserproject/basercms@5.0.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-khft-xvrw-g3dr" }, { "vulnerability": "VCID-mfm9-gsh3-ubg8" }, { "vulnerability": "VCID-p695-t9ye-v3ga" }, { "vulnerability": "VCID-sqr4-v889-tff8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.9" } ], "aliases": [ "CVE-2023-51450", "GHSA-77fc-4cv5-hmfr" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uedz-j2vn-cbea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54254?format=api", "vulnerability_id": "VCID-xpsb-2yux-g3cf", "summary": "Cross-site Scripting\nImproper neutralization of JavaScript input in the blog article editing function of baserCMS allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20683", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42402", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42327", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20683" }, { "reference_url": "https://basercms.net/security/JVN64869876", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://basercms.net/security/JVN64869876" }, { "reference_url": "https://github.com/baserproject/basercms/commit/88ccc61e5656b05dd13204d61de706efaa2cd0b1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/commit/88ccc61e5656b05dd13204d61de706efaa2cd0b1" }, { "reference_url": "https://jvn.jp/en/jp/JVN64869876/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jvn.jp/en/jp/JVN64869876/index.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20683", "reference_id": "CVE-2021-20683", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20683" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80118?format=api", "purl": "pkg:composer/baserproject/basercms@4.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ay3-1t5g-vycu" }, { "vulnerability": "VCID-891u-x525-ykbb" }, { "vulnerability": "VCID-ays7-6wvh-augt" }, { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-hpk4-a6tr-3ffe" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-k575-suuf-7bhf" }, { "vulnerability": "VCID-khft-xvrw-g3dr" }, { "vulnerability": "VCID-kmpp-6j49-pqfz" }, { "vulnerability": "VCID-mfm9-gsh3-ubg8" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-p695-t9ye-v3ga" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-sqr4-v889-tff8" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.4.5" } ], "aliases": [ "CVE-2021-20683", "GHSA-v9w8-hq92-v39m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xpsb-2yux-g3cf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44709?format=api", "vulnerability_id": "VCID-zsgc-fnen-b7a6", "summary": "Unrestricted Upload of File with Dangerous Type\nbaserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the management system of baserCMS. Version 4.7.5 contains a patch.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25655", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00561", "scoring_system": "epss", "scoring_elements": "0.68669", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00561", "scoring_system": "epss", "scoring_elements": "0.6871", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25655" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://github.com/baserproject/basercms/commit/922025a98b0e697ab78f6a785a004e0729aa9100", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:30:57Z/" } ], "url": "https://github.com/baserproject/basercms/commit/922025a98b0e697ab78f6a785a004e0729aa9100" }, { "reference_url": "https://github.com/baserproject/basercms/commit/9297629983ed908c7f51bf61a0231dde91404ebd", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:30:57Z/" } ], "url": "https://github.com/baserproject/basercms/commit/9297629983ed908c7f51bf61a0231dde91404ebd" }, { "reference_url": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:30:57Z/" } ], "url": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25655", "reference_id": "CVE-2023-25655", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25655" }, { "reference_url": "https://github.com/advisories/GHSA-mfvg-qwcw-qvc8", "reference_id": "GHSA-mfvg-qwcw-qvc8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mfvg-qwcw-qvc8" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-mfvg-qwcw-qvc8", "reference_id": "GHSA-mfvg-qwcw-qvc8", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:30:57Z/" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-mfvg-qwcw-qvc8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64369?format=api", "purl": "pkg:composer/baserproject/basercms@4.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-khft-xvrw-g3dr" }, { "vulnerability": "VCID-mfm9-gsh3-ubg8" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-p695-t9ye-v3ga" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-sqr4-v889-tff8" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-zxns-tzw3-27fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.7.5" } ], "aliases": [ "CVE-2023-25655", "GHSA-mfvg-qwcw-qvc8" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zsgc-fnen-b7a6" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.4.3" }