Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/55952?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/55952?format=api", "purl": "pkg:composer/baserproject/basercms@4.1.1", "type": "composer", "namespace": "baserproject", "name": "basercms", "version": "4.1.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.0.0", "latest_non_vulnerable_version": "5.2.3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54253?format=api", "vulnerability_id": "VCID-1q79-sxzp-zker", "summary": "OS Command Injection\nbaserCMS allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20682", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02357", "scoring_system": "epss", "scoring_elements": "0.8521", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02357", "scoring_system": "epss", "scoring_elements": "0.85235", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20682" }, { "reference_url": "https://basercms.net/security/JVN64869876", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://basercms.net/security/JVN64869876" }, { "reference_url": "https://jvn.jp/en/jp/JVN64869876/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jvn.jp/en/jp/JVN64869876/index.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20682", "reference_id": "CVE-2021-20682", 
"reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20682" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80118?format=api", "purl": "pkg:composer/baserproject/basercms@4.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ay3-1t5g-vycu" }, { "vulnerability": "VCID-891u-x525-ykbb" }, { "vulnerability": "VCID-ays7-6wvh-augt" }, { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-hpk4-a6tr-3ffe" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-k575-suuf-7bhf" }, { "vulnerability": "VCID-kmpp-6j49-pqfz" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.4.5" } ], "aliases": [ "CVE-2021-20682", "GHSA-g39q-f4rm-85x4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1q79-sxzp-zker" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41774?format=api", "vulnerability_id": "VCID-5ay3-1t5g-vycu", "summary": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nBaserCMS is an open source content management system with a focus on Japanese language support. Users with upload privilege may upload crafted zip files capable of path traversal on the host operating system. 
This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41279", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.6349", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63447", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41279" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://github.com/baserproject/basercms/commit/d8ab0a81a7bce35cc95ff7dff851a7e87a084336", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/commit/d8ab0a81a7bce35cc95ff7dff851a7e87a084336" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41279", "reference_id": "CVE-2021-41279", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41279" }, { "reference_url": "https://github.com/advisories/GHSA-4x2f-54wr-4hjg", "reference_id": "GHSA-4x2f-54wr-4hjg", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": 
"cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4x2f-54wr-4hjg" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-4x2f-54wr-4hjg", "reference_id": "GHSA-4x2f-54wr-4hjg", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-4x2f-54wr-4hjg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59671?format=api", "purl": "pkg:composer/baserproject/basercms@4.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ays7-6wvh-augt" }, { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-k575-suuf-7bhf" }, { "vulnerability": "VCID-kmpp-6j49-pqfz" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.5.4" } ], "aliases": [ "CVE-2021-41279", "GHSA-4x2f-54wr-4hjg" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5ay3-1t5g-vycu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41773?format=api", "vulnerability_id": "VCID-891u-x525-ykbb", "summary": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nThere is a Potential Zip Slip Vulnerability and OS Command 
Injection Vulnerability on the management system of baserCMS. Users with permissions to upload files may upload crafted zip files which may execute arbitrary commands on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41243", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02799", "scoring_system": "epss", "scoring_elements": "0.86405", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02799", "scoring_system": "epss", "scoring_elements": "0.86382", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41243" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://github.com/baserproject/basercms/commit/9088b99c329d1faff3a2f1269f37b9a9d8d5f6ff", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/commit/9088b99c329d1faff3a2f1269f37b9a9d8d5f6ff" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41243", "reference_id": "CVE-2021-41243", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "CRITICAL", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41243" }, { "reference_url": "https://github.com/advisories/GHSA-7rpc-9m88-cf9w", "reference_id": "GHSA-7rpc-9m88-cf9w", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7rpc-9m88-cf9w" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-7rpc-9m88-cf9w", "reference_id": "GHSA-7rpc-9m88-cf9w", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-7rpc-9m88-cf9w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59671?format=api", "purl": "pkg:composer/baserproject/basercms@4.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ays7-6wvh-augt" }, { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-k575-suuf-7bhf" }, { "vulnerability": "VCID-kmpp-6j49-pqfz" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.5.4" } ], "aliases": [ "CVE-2021-41243", "GHSA-7rpc-9m88-cf9w" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-891u-x525-ykbb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40410?format=api", "vulnerability_id": "VCID-9mf7-56fh-fyfk", "summary": "Cross-site Scripting\nAn issue was discovered in baserCMS In the Register New Category feature of the Upload menu, the category name can be used for XSS via the `data[UploaderCategory][name]` parameter to an `admin/uploader/uploader_categories/edit` URI.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18943", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00305", "scoring_system": "epss", "scoring_elements": "0.54037", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00305", "scoring_system": "epss", "scoring_elements": "0.54093", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18943" }, { "reference_url": "https://basercms.net/release/4_1_4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://basercms.net/release/4_1_4" }, { "reference_url": "https://web.archive.org/web/20200130073341/https://basercms.net/release/4_1_4", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200130073341/https://basercms.net/release/4_1_4" }, { "reference_url": "https://web.archive.org/web/20211209034642/http://sunu11.com/2018/10/31/baserCMS", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20211209034642/http://sunu11.com/2018/10/31/baserCMS" }, { 
"reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18943", "reference_id": "CVE-2018-18943", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18943" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56953?format=api", "purl": "pkg:composer/baserproject/basercms@4.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q79-sxzp-zker" }, { "vulnerability": "VCID-5ay3-1t5g-vycu" }, { "vulnerability": "VCID-891u-x525-ykbb" }, { "vulnerability": "VCID-ays7-6wvh-augt" }, { "vulnerability": "VCID-d5gk-q2hh-kba5" }, { "vulnerability": "VCID-eq7f-n3g5-s3hu" }, { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-hpk4-a6tr-3ffe" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-k575-suuf-7bhf" }, { "vulnerability": "VCID-kmpp-6j49-pqfz" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-p6nr-eu91-53b4" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-twf5-bzba-gqb4" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-vqx2-hzju-r7et" }, { "vulnerability": "VCID-wvnk-63hy-ykeq" }, { "vulnerability": "VCID-xpsb-2yux-g3cf" }, { "vulnerability": "VCID-xxud-7jsh-bbc1" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.1.4" } ], "aliases": [ "CVE-2018-18943", "GHSA-fx2m-5m9v-jhgp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9mf7-56fh-fyfk" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/109472?format=api", "vulnerability_id": "VCID-ays7-6wvh-augt", "summary": "baserCMS vulnerable to stored Cross-site Scripting\nStored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-42486", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.3445", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34547", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-42486" }, { "reference_url": "https://basercms.net/security/JVN_53682526", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T16:01:40Z/" } ], "url": "https://basercms.net/security/JVN_53682526" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://jvn.jp/en/jp/JVN53682526/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", 
"scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T16:01:40Z/" } ], "url": "https://jvn.jp/en/jp/JVN53682526/index.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42486", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42486" }, { "reference_url": "https://github.com/advisories/GHSA-7w2v-35j3-xrm9", "reference_id": "GHSA-7w2v-35j3-xrm9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7w2v-35j3-xrm9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/146599?format=api", "purl": "pkg:composer/baserproject/basercms@4.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" }, { "vulnerability": "VCID-zxns-tzw3-27fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.7.2" } ], "aliases": [ "CVE-2022-42486", "GHSA-7w2v-35j3-xrm9" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ays7-6wvh-augt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52933?format=api", 
"vulnerability_id": "VCID-d5gk-q2hh-kba5", "summary": "Cross-site Scripting\nbaserCMS `content_info.php`, `content_options.php`, `content_related.php`, `index_list_tree.php`, `jquery.bcTree.js`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15154", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00784", "scoring_system": "epss", "scoring_elements": "0.74124", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00784", "scoring_system": "epss", "scoring_elements": "0.74157", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15154" }, { "reference_url": "https://basercms.net/security/20200827", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://basercms.net/security/20200827" }, { "reference_url": "https://github.com/baserproject/basercms/commit/7f4b905b90954e394ec10dd35bad2a5dec505371", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/commit/7f4b905b90954e394ec10dd35bad2a5dec505371" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-cpxc-67rc-c775", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/baserproject/basercms/security/advisories/GHSA-cpxc-67rc-c775" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15154", "reference_id": "CVE-2020-15154", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15154" }, { "reference_url": "https://github.com/advisories/GHSA-cpxc-67rc-c775", "reference_id": "GHSA-cpxc-67rc-c775", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cpxc-67rc-c775" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77910?format=api", "purl": "pkg:composer/baserproject/basercms@4.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q79-sxzp-zker" }, { "vulnerability": "VCID-5ay3-1t5g-vycu" }, { "vulnerability": "VCID-891u-x525-ykbb" }, { "vulnerability": "VCID-ays7-6wvh-augt" }, { "vulnerability": "VCID-eq7f-n3g5-s3hu" }, { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-hpk4-a6tr-3ffe" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-k575-suuf-7bhf" }, { "vulnerability": "VCID-kmpp-6j49-pqfz" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-twf5-bzba-gqb4" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-wvnk-63hy-ykeq" }, { "vulnerability": "VCID-xpsb-2yux-g3cf" }, { "vulnerability": "VCID-xxud-7jsh-bbc1" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.3.7" } ], "aliases": [ "CVE-2020-15154", "GHSA-cpxc-67rc-c775" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d5gk-q2hh-kba5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54257?format=api", "vulnerability_id": "VCID-eq7f-n3g5-s3hu", "summary": "Cross-site Scripting\nImproper neutralization of JavaScript input in the page editing function of baserCMS allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20681", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42327", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42402", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20681" }, { "reference_url": "https://basercms.net/security/JVN64869876", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://basercms.net/security/JVN64869876" }, { "reference_url": "https://jvn.jp/en/jp/JVN64869876/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jvn.jp/en/jp/JVN64869876/index.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20681", "reference_id": "CVE-2021-20681", "reference_type": "", "scores": 
[ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20681" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80118?format=api", "purl": "pkg:composer/baserproject/basercms@4.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ay3-1t5g-vycu" }, { "vulnerability": "VCID-891u-x525-ykbb" }, { "vulnerability": "VCID-ays7-6wvh-augt" }, { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-hpk4-a6tr-3ffe" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-k575-suuf-7bhf" }, { "vulnerability": "VCID-kmpp-6j49-pqfz" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.4.5" } ], "aliases": [ "CVE-2021-20681", "GHSA-24p5-x9f9-vvpx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eq7f-n3g5-s3hu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46297?format=api", "vulnerability_id": "VCID-g56w-z9cx-5ygv", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in baserproject/basercms.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29009", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.68361", "published_at": "2026-06-05T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2023-29009" }, { "reference_url": "https://basercms.net/security/JVN_45547161", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T14:59:04Z/" } ], "url": "https://basercms.net/security/JVN_45547161" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://github.com/baserproject/basercms/commit/919c3ccbbd7a2432967dcb2e428131cc7ad71bb2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/commit/919c3ccbbd7a2432967dcb2e428131cc7ad71bb2" }, { "reference_url": "https://github.com/baserproject/basercms/releases/tag/basercms-4.8.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T14:59:04Z/" } ], "url": "https://github.com/baserproject/basercms/releases/tag/basercms-4.8.0" }, { "reference_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2023-29009", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29009" }, { "reference_url": "https://github.com/advisories/GHSA-8vqx-prq4-rqrq", "reference_id": "GHSA-8vqx-prq4-rqrq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8vqx-prq4-rqrq" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-8vqx-prq4-rqrq", "reference_id": "GHSA-8vqx-prq4-rqrq", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T14:59:04Z/" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-8vqx-prq4-rqrq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/685977?format=api", "purl": "pkg:composer/baserproject/basercms@5.0.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-uedz-j2vn-cbea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/67525?format=api", "purl": "pkg:composer/baserproject/basercms@4.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-uedz-j2vn-cbea" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.8.0" } ], "aliases": [ "CVE-2023-29009", "GHSA-8vqx-prq4-rqrq" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g56w-z9cx-5ygv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47107?format=api", "vulnerability_id": "VCID-ggv8-3v9t-mfea", "summary": "baserCMS Cross-site Scripting vulnerability in Site search Feature\nThere is a XSS Vulnerability in Site search Feature to baserCMS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44379", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00622", "scoring_system": "epss", "scoring_elements": "0.70549", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44379" }, { "reference_url": "https://basercms.net/security/JVN_73283159", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:39:22Z/" } ], "url": "https://basercms.net/security/JVN_73283159" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://github.com/baserproject/basercms/commit/18549396e5a9b8294306a54a876af164b0b57da4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": 
"cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:39:22Z/" } ], "url": "https://github.com/baserproject/basercms/commit/18549396e5a9b8294306a54a876af164b0b57da4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44379", "reference_id": "CVE-2023-44379", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44379" }, { "reference_url": "https://github.com/advisories/GHSA-66c2-p8rh-qx87", "reference_id": "GHSA-66c2-p8rh-qx87", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-66c2-p8rh-qx87" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-66c2-p8rh-qx87", "reference_id": "GHSA-66c2-p8rh-qx87", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:39:22Z/" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-66c2-p8rh-qx87" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69105?format=api", "purl": "pkg:composer/baserproject/basercms@5.0.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.9" } ], "aliases": [ "CVE-2023-44379", "GHSA-66c2-p8rh-qx87" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ggv8-3v9t-mfea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40409?format=api", "vulnerability_id": "VCID-gsg3-fdmu-vqag", "summary": "Improper Input Validation\nbaserCMS allows remote attackers to execute arbitrary PHP code via the `admin/theme_configs/form`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18942", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00928", "scoring_system": "epss", "scoring_elements": "0.76457", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00928", "scoring_system": "epss", "scoring_elements": "0.76486", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18942" }, { "reference_url": "https://basercms.net/release/4_1_4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://basercms.net/release/4_1_4" }, { "reference_url": "https://github.com/baserproject/basercms/issues/959", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/issues/959" }, { "reference_url": "https://web.archive.org/web/20200130073341/https://basercms.net/release/4_1_4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://web.archive.org/web/20200130073341/https://basercms.net/release/4_1_4" }, { "reference_url": "https://web.archive.org/web/20211209034642/http://sunu11.com/2018/10/31/baserCMS", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20211209034642/http://sunu11.com/2018/10/31/baserCMS" }, { "reference_url": "https://web.archive.org/web/20211209034642/http://sunu11.com/2018/10/31/baserCMS/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20211209034642/http://sunu11.com/2018/10/31/baserCMS/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18942", "reference_id": "CVE-2018-18942", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18942" }, { "reference_url": "https://github.com/advisories/GHSA-rjc2-x53r-6c9r", "reference_id": "GHSA-rjc2-x53r-6c9r", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rjc2-x53r-6c9r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56953?format=api", "purl": "pkg:composer/baserproject/basercms@4.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q79-sxzp-zker" }, { "vulnerability": "VCID-5ay3-1t5g-vycu" }, { "vulnerability": "VCID-891u-x525-ykbb" }, { "vulnerability": "VCID-ays7-6wvh-augt" }, { "vulnerability": "VCID-d5gk-q2hh-kba5" }, { "vulnerability": "VCID-eq7f-n3g5-s3hu" }, { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { 
"vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-hpk4-a6tr-3ffe" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-k575-suuf-7bhf" }, { "vulnerability": "VCID-kmpp-6j49-pqfz" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-p6nr-eu91-53b4" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-twf5-bzba-gqb4" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-vqx2-hzju-r7et" }, { "vulnerability": "VCID-wvnk-63hy-ykeq" }, { "vulnerability": "VCID-xpsb-2yux-g3cf" }, { "vulnerability": "VCID-xxud-7jsh-bbc1" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.1.4" } ], "aliases": [ "CVE-2018-18942", "GHSA-rjc2-x53r-6c9r" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gsg3-fdmu-vqag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41362?format=api", "vulnerability_id": "VCID-hpk4-a6tr-3ffe", "summary": "baserCMS is an open source content management system with a focus on Japanese language support. 
A Cross-site Scripting vulnerability has been identified.", "references": [ { "reference_url": "http://jvn.jp/en/jp/JVN14134801/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvn.jp/en/jp/JVN14134801/index.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39136", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0054", "scoring_system": "epss", "scoring_elements": "0.67989", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0054", "scoring_system": "epss", "scoring_elements": "0.6795", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39136" }, { "reference_url": "https://basercms.net/security/JVN_14134801", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://basercms.net/security/JVN_14134801" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://github.com/baserproject/basercms/commit/568d4cab5ba1cdee7bbf0133c676d02a98f6d7bc", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" 
} ], "url": "https://github.com/baserproject/basercms/commit/568d4cab5ba1cdee7bbf0133c676d02a98f6d7bc" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-hgjr-632x-qpp3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-hgjr-632x-qpp3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39136", "reference_id": "CVE-2021-39136", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39136" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58790?format=api", "purl": "pkg:composer/baserproject/basercms@4.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ay3-1t5g-vycu" }, { "vulnerability": "VCID-891u-x525-ykbb" }, { "vulnerability": "VCID-ays7-6wvh-augt" }, { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-k575-suuf-7bhf" }, { "vulnerability": "VCID-kmpp-6j49-pqfz" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.5.1" } ], "aliases": [ "CVE-2021-39136", "GHSA-hgjr-632x-qpp3" ], "risk_score": null, "exploitability": null, 
"weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hpk4-a6tr-3ffe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44713?format=api", "vulnerability_id": "VCID-j37y-gws9-ake9", "summary": "Unrestricted Upload of File with Dangerous Type\nbaserCMS is a Content Management system. Prior to version 4.7.5, there is a Remote Code Execution (RCE) Vulnerability in the management system of baserCMS. Version 4.7.5 contains a patch.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25654", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02083", "scoring_system": "epss", "scoring_elements": "0.84309", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02083", "scoring_system": "epss", "scoring_elements": "0.84332", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25654" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://github.com/baserproject/basercms/commit/002886be0998c74c386e04f0b43688a8a45d7a96", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:31:00Z/" } ], "url": "https://github.com/baserproject/basercms/commit/002886be0998c74c386e04f0b43688a8a45d7a96" }, { "reference_url": 
"https://github.com/baserproject/basercms/commit/08247f0a633d8e836ce2e5cd2d53aa19901a1359", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:31:00Z/" } ], "url": "https://github.com/baserproject/basercms/commit/08247f0a633d8e836ce2e5cd2d53aa19901a1359" }, { "reference_url": "https://github.com/baserproject/basercms/commit/60f83054d8131b0ace60716cec7e629b5eb3a8f0", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:31:00Z/" } ], "url": "https://github.com/baserproject/basercms/commit/60f83054d8131b0ace60716cec7e629b5eb3a8f0" }, { "reference_url": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:31:00Z/" } ], "url": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25654", "reference_id": "CVE-2023-25654", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { 
"value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25654" }, { "reference_url": "https://github.com/advisories/GHSA-h4cc-fxpp-pgw9", "reference_id": "GHSA-h4cc-fxpp-pgw9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-h4cc-fxpp-pgw9" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-h4cc-fxpp-pgw9", "reference_id": "GHSA-h4cc-fxpp-pgw9", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:31:00Z/" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-h4cc-fxpp-pgw9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64369?format=api", "purl": "pkg:composer/baserproject/basercms@4.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-zxns-tzw3-27fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.7.5" } ], "aliases": [ "CVE-2023-25654", "GHSA-h4cc-fxpp-pgw9" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j37y-gws9-ake9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46310?format=api", "vulnerability_id": "VCID-jby7-s5ez-dqb3", "summary": "Cross-Site Request 
Forgery (CSRF) in baserproject/basercms.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-43649", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.3025", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-43649" }, { "reference_url": "https://basercms.net/security/JVN_99052047", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:21:18Z/" } ], "url": "https://basercms.net/security/JVN_99052047" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://github.com/baserproject/basercms/commit/874c55433fead93e0be9df96fd28740f8047c8b6", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:21:18Z/" } ], 
"url": "https://github.com/baserproject/basercms/commit/874c55433fead93e0be9df96fd28740f8047c8b6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43649", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43649" }, { "reference_url": "https://github.com/advisories/GHSA-fw9x-cqjq-7jx5", "reference_id": "GHSA-fw9x-cqjq-7jx5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fw9x-cqjq-7jx5" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-fw9x-cqjq-7jx5", "reference_id": "GHSA-fw9x-cqjq-7jx5", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:21:18Z/" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-fw9x-cqjq-7jx5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67525?format=api", "purl": "pkg:composer/baserproject/basercms@4.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-uedz-j2vn-cbea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/67580?format=api", "purl": "pkg:composer/baserproject/basercms@5.0.0", 
"is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.0" } ], "aliases": [ "CVE-2023-43649", "GHSA-fw9x-cqjq-7jx5" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jby7-s5ez-dqb3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/109461?format=api", "vulnerability_id": "VCID-k575-suuf-7bhf", "summary": "baserCMS vulnerable to stored Cross-site Scripting\nStored cross-site scripting vulnerability in Permission Settings of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41994", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34314", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34412", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41994" }, { "reference_url": "https://basercms.net/security/JVN_53682526", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:27:38Z/" } ], "url": "https://basercms.net/security/JVN_53682526" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://jvn.jp/en/jp/JVN53682526/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:27:38Z/" } ], "url": "https://jvn.jp/en/jp/JVN53682526/index.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41994", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41994" }, { "reference_url": "https://github.com/advisories/GHSA-vxwf-79ch-f7f7", "reference_id": "GHSA-vxwf-79ch-f7f7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vxwf-79ch-f7f7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/146599?format=api", "purl": "pkg:composer/baserproject/basercms@4.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" }, { "vulnerability": "VCID-zxns-tzw3-27fr" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.7.2" } ], "aliases": [ "CVE-2022-41994", "GHSA-vxwf-79ch-f7f7" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k575-suuf-7bhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110302?format=api", "vulnerability_id": "VCID-kmpp-6j49-pqfz", "summary": "baserproject/basercms vulnerable to cross-site scripting (XSS) vulnerability\nThere is a cross-site scripting vulnerability in the management system of baserCMS.\n\nThis is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users.\nIf this applies to you, please update to the new version as soon as possible.\n\n### Target\nbaserCMS 4.7.1 and earlier versions.\n\n### Vulnerability\nExecution of malicious JavaScript code may alter the display of the page or leak cookie information.\n- In Favorite registration (CVE-2022-39325)\n- In Permission Settings (CVE-2022-41994)\n- In User group management (CVE-2022-42486)\n\n### Countermeasures\nUpdate to the latest version of baserCMS\n\n### Credits\n- Shogo Iyota@Mitsui Bussan Secure Directions, Inc.\n- YUYA KOTAKE@CARTA HOLDINGS, INC.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-39325", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00687", "scoring_system": "epss", "scoring_elements": "0.72163", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00687", "scoring_system": "epss", "scoring_elements": "0.72122", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-39325" }, { "reference_url": "https://basercms.net/security/JVN_53682526", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value":
"MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:00Z/" } ], "url": "https://basercms.net/security/JVN_53682526" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://github.com/baserproject/basercms/commit/b6f8a54e90dee51317eddf517b776fe8b4cd3ef6", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:00Z/" } ], "url": "https://github.com/baserproject/basercms/commit/b6f8a54e90dee51317eddf517b776fe8b4cd3ef6" }, { "reference_url": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.2" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-395x-wv32-44v5", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", 
"scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:00Z/" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-395x-wv32-44v5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39325", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39325" }, { "reference_url": "https://github.com/advisories/GHSA-395x-wv32-44v5", "reference_id": "GHSA-395x-wv32-44v5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-395x-wv32-44v5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/146599?format=api", "purl": "pkg:composer/baserproject/basercms@4.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" }, { "vulnerability": "VCID-zxns-tzw3-27fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.7.2" } ], "aliases": [ "CVE-2022-39325", "GHSA-395x-wv32-44v5" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kmpp-6j49-pqfz" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/47109?format=api", "vulnerability_id": "VCID-nxrf-64er-xbfx", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nbaserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the content management feature. Version 5.0.9 contains a fix for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-26128", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02281", "scoring_system": "epss", "scoring_elements": "0.85006", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-26128" }, { "reference_url": "https://basercms.net/security/JVN_73283159", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-12T15:20:28Z/" } ], "url": "https://basercms.net/security/JVN_73283159" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", 
"scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-12T15:20:28Z/" } ], "url": "https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26128", "reference_id": "CVE-2024-26128", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26128" }, { "reference_url": "https://github.com/advisories/GHSA-jjxq-m8h3-4vw5", "reference_id": "GHSA-jjxq-m8h3-4vw5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jjxq-m8h3-4vw5" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5", "reference_id": "GHSA-jjxq-m8h3-4vw5", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-12T15:20:28Z/" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69105?format=api", "purl": "pkg:composer/baserproject/basercms@5.0.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.9" } ], "aliases": [ "CVE-2024-26128", 
"GHSA-jjxq-m8h3-4vw5" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nxrf-64er-xbfx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52930?format=api", "vulnerability_id": "VCID-p6nr-eu91-53b4", "summary": "Cross-site Scripting\nbaserCMS is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The affected components are `ThemeFilesController.php` and `UploaderFilesController.php`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15159", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01563", "scoring_system": "epss", "scoring_elements": "0.8186", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01563", "scoring_system": "epss", "scoring_elements": "0.81826", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15159" }, { "reference_url": "https://basercms.net/security/20200827", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://basercms.net/security/20200827" }, { "reference_url": "https://github.com/baserproject/basercms/commit/16a7b3cd09a0ca355474119c76897eac2034a66d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/commit/16a7b3cd09a0ca355474119c76897eac2034a66d" }, { "reference_url": 
"https://github.com/baserproject/basercms/security/advisories/GHSA-673x-f5wx-fxpw", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-673x-f5wx-fxpw" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15159", "reference_id": "CVE-2020-15159", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15159" }, { "reference_url": "https://github.com/advisories/GHSA-673x-f5wx-fxpw", "reference_id": "GHSA-673x-f5wx-fxpw", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-673x-f5wx-fxpw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77910?format=api", "purl": "pkg:composer/baserproject/basercms@4.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q79-sxzp-zker" }, { "vulnerability": "VCID-5ay3-1t5g-vycu" }, { "vulnerability": "VCID-891u-x525-ykbb" }, { "vulnerability": "VCID-ays7-6wvh-augt" }, { "vulnerability": "VCID-eq7f-n3g5-s3hu" }, { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-hpk4-a6tr-3ffe" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-k575-suuf-7bhf" }, { "vulnerability": "VCID-kmpp-6j49-pqfz" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": 
"VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-twf5-bzba-gqb4" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-wvnk-63hy-ykeq" }, { "vulnerability": "VCID-xpsb-2yux-g3cf" }, { "vulnerability": "VCID-xxud-7jsh-bbc1" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.3.7" } ], "aliases": [ "CVE-2020-15159", "GHSA-673x-f5wx-fxpw" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p6nr-eu91-53b4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46312?format=api", "vulnerability_id": "VCID-pd8c-9d7z-zkhg", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in baserproject/basercms.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-43647", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00572", "scoring_system": "epss", "scoring_elements": "0.69062", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-43647" }, { "reference_url": "https://basercms.net/security/JVN_24381990", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T20:12:52Z/" } ], "url": "https://basercms.net/security/JVN_24381990" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://github.com/baserproject/basercms/commit/eb5977533d05db4f3bb03bd19630b66052799b2e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T20:12:52Z/" } ], "url": "https://github.com/baserproject/basercms/commit/eb5977533d05db4f3bb03bd19630b66052799b2e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43647", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43647" }, { "reference_url": "https://github.com/advisories/GHSA-ggj4-78rm-6xgv", "reference_id": "GHSA-ggj4-78rm-6xgv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-ggj4-78rm-6xgv" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-ggj4-78rm-6xgv", "reference_id": "GHSA-ggj4-78rm-6xgv", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", 
"scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T20:12:52Z/" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-ggj4-78rm-6xgv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67525?format=api", "purl": "pkg:composer/baserproject/basercms@4.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-uedz-j2vn-cbea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/67580?format=api", "purl": "pkg:composer/baserproject/basercms@5.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.0" } ], "aliases": [ "CVE-2023-43647", "GHSA-ggj4-78rm-6xgv" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pd8c-9d7z-zkhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53745?format=api", "vulnerability_id": "VCID-twf5-bzba-gqb4", "summary": "Cross-site Scripting\nbaserCMS is vulnerable to Cross-Site Scripting. The issue affects the following components; Edit feed settings, Edit widget area, Sub site new registration, and New category registration. 
Arbitrary JavaScript may be executed by entering specific characters in the account that can access the file upload function category list, sub-site setting list, widget area edit, and feed list on the management screen.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15273", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00414", "scoring_system": "epss", "scoring_elements": "0.61981", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00414", "scoring_system": "epss", "scoring_elements": "0.61932", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15273" }, { "reference_url": "https://github.com/baserproject/basercms/commit/b70474ef9dcee6ad8826360884625dc7ca9041a1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/commit/b70474ef9dcee6ad8826360884625dc7ca9041a1" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-wpww-4jf4-4hx8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-wpww-4jf4-4hx8" }, { "reference_url": "https://packagist.org/packages/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://packagist.org/packages/baserproject/basercms" }, { 
"reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15273", "reference_id": "CVE-2020-15273", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15273" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79034?format=api", "purl": "pkg:composer/baserproject/basercms@4.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q79-sxzp-zker" }, { "vulnerability": "VCID-5ay3-1t5g-vycu" }, { "vulnerability": "VCID-891u-x525-ykbb" }, { "vulnerability": "VCID-ays7-6wvh-augt" }, { "vulnerability": "VCID-eq7f-n3g5-s3hu" }, { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-hpk4-a6tr-3ffe" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-k575-suuf-7bhf" }, { "vulnerability": "VCID-kmpp-6j49-pqfz" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-xpsb-2yux-g3cf" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.4.1" } ], "aliases": [ "CVE-2020-15273", "GHSA-wpww-4jf4-4hx8" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-twf5-bzba-gqb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46308?format=api", "vulnerability_id": "VCID-u16w-rbuk-ybfs", "summary": "baserCMS Directory Traversal vulnerability in Form submission data management Feature\nThere is a Directory Traversal Vulnerability in Form 
submission data management Feature to baserCMS.\n\nThis is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users.\nIf you are eligible, please update to the new version as soon as possible.\n\n### Target\nbaserCMS 4.7.8 and earlier versions\n\n### Vulnerability\nThere is a possibility that information on the server may be obtained by a user who is logged in to the management screen.\n\n### Countermeasures\nUpdate to the latest version of baserCMS\n\nPlease refer to the following page to reference for more information.\nhttps://basercms.net/security/JVN_45547161\n\n### Credits\nShiga Takuma@BroadBand Security, Inc", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-43648", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52624", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-43648" }, { "reference_url": "https://basercms.net/security/JVN_81174674", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:22:00Z/" } ], "url": "https://basercms.net/security/JVN_81174674" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/baserproject/basercms" }, { "reference_url": "https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:22:00Z/" } ], "url": "https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43648", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43648" }, { "reference_url": "https://github.com/advisories/GHSA-hmqj-gv2m-hq55", "reference_id": "GHSA-hmqj-gv2m-hq55", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hmqj-gv2m-hq55" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55", "reference_id": "GHSA-hmqj-gv2m-hq55", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:22:00Z/" } ], "url": 
"https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67525?format=api", "purl": "pkg:composer/baserproject/basercms@4.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-uedz-j2vn-cbea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/67580?format=api", "purl": "pkg:composer/baserproject/basercms@5.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.0" } ], "aliases": [ "CVE-2023-43648", "GHSA-hmqj-gv2m-hq55" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u16w-rbuk-ybfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47096?format=api", "vulnerability_id": "VCID-uedz-j2vn-cbea", "summary": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nbaserCMS is a website development framework. Prior to version 5.0.9, there is an OS Command Injection vulnerability in the site search feature of baserCMS. 
Version 5.0.9 contains a fix for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-51450", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00755", "scoring_system": "epss", "scoring_elements": "0.73646", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-51450" }, { "reference_url": "https://basercms.net/security/JVN_09767360", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:32:12Z/" } ], "url": "https://basercms.net/security/JVN_09767360" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:32:12Z/" } ], "url": "https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51450", "reference_id": "CVE-2023-51450", "reference_type": "", 
"scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51450" }, { "reference_url": "https://github.com/advisories/GHSA-77fc-4cv5-hmfr", "reference_id": "GHSA-77fc-4cv5-hmfr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-77fc-4cv5-hmfr" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr", "reference_id": "GHSA-77fc-4cv5-hmfr", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:32:12Z/" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69105?format=api", "purl": "pkg:composer/baserproject/basercms@5.0.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.9" } ], "aliases": [ "CVE-2023-51450", "GHSA-77fc-4cv5-hmfr" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uedz-j2vn-cbea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52932?format=api", "vulnerability_id": "VCID-vqx2-hzju-r7et", "summary": "Cross-site Scripting\nbaserCMS is affected by Cross Site Scripting (XSS) via 
arbitrary script execution. Admin access is required to exploit this vulnerability. The affected component is `toolbar.php`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15155", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00868", "scoring_system": "epss", "scoring_elements": "0.75527", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00868", "scoring_system": "epss", "scoring_elements": "0.75555", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15155" }, { "reference_url": "https://basercms.net/security/20200827", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://basercms.net/security/20200827" }, { "reference_url": "https://github.com/baserproject/basercms/commit/94cbfab74c9fd6d04492597a1a684674c3c0e30f", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/commit/94cbfab74c9fd6d04492597a1a684674c3c0e30f" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-4r3m-j6x5-48m3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-4r3m-j6x5-48m3" }, { "reference_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2020-15155", "reference_id": "CVE-2020-15155", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15155" }, { "reference_url": "https://github.com/advisories/GHSA-4r3m-j6x5-48m3", "reference_id": "GHSA-4r3m-j6x5-48m3", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4r3m-j6x5-48m3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77910?format=api", "purl": "pkg:composer/baserproject/basercms@4.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q79-sxzp-zker" }, { "vulnerability": "VCID-5ay3-1t5g-vycu" }, { "vulnerability": "VCID-891u-x525-ykbb" }, { "vulnerability": "VCID-ays7-6wvh-augt" }, { "vulnerability": "VCID-eq7f-n3g5-s3hu" }, { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-hpk4-a6tr-3ffe" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-k575-suuf-7bhf" }, { "vulnerability": "VCID-kmpp-6j49-pqfz" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-twf5-bzba-gqb4" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-wvnk-63hy-ykeq" }, { "vulnerability": "VCID-xpsb-2yux-g3cf" }, { "vulnerability": "VCID-xxud-7jsh-bbc1" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.3.7" } ], "aliases": [ "CVE-2020-15155", "GHSA-4r3m-j6x5-48m3" ], "risk_score": 3.3, "exploitability": 
"0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vqx2-hzju-r7et" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53748?format=api", "vulnerability_id": "VCID-wvnk-63hy-ykeq", "summary": "Cross-site Scripting\nbaserCMS is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a specially crafted nickname in the blog comments. The issue affects the blog comment component.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15276", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69606", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69646", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15276" }, { "reference_url": "https://basercms.net/security/20201029", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://basercms.net/security/20201029" }, { "reference_url": "https://github.com/baserproject/basercms/commit/d14f506385f21d67d5ff3462f204d4c2321b7c54", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/commit/d14f506385f21d67d5ff3462f204d4c2321b7c54" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-fw5q-j9p4-3vxg", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-fw5q-j9p4-3vxg" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15276", "reference_id": "CVE-2020-15276", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15276" }, { "reference_url": "https://github.com/advisories/GHSA-fw5q-j9p4-3vxg", "reference_id": "GHSA-fw5q-j9p4-3vxg", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fw5q-j9p4-3vxg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79034?format=api", "purl": "pkg:composer/baserproject/basercms@4.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q79-sxzp-zker" }, { "vulnerability": "VCID-5ay3-1t5g-vycu" }, { "vulnerability": "VCID-891u-x525-ykbb" }, { "vulnerability": "VCID-ays7-6wvh-augt" }, { "vulnerability": "VCID-eq7f-n3g5-s3hu" }, { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-hpk4-a6tr-3ffe" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-k575-suuf-7bhf" }, { "vulnerability": "VCID-kmpp-6j49-pqfz" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-xpsb-2yux-g3cf" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" } ], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.4.1" } ], "aliases": [ "CVE-2020-15276", "GHSA-fw5q-j9p4-3vxg" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "6.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wvnk-63hy-ykeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54254?format=api", "vulnerability_id": "VCID-xpsb-2yux-g3cf", "summary": "Cross-site Scripting\nImproper neutralization of JavaScript input in the blog article editing function of baserCMS allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20683", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42402", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42327", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20683" }, { "reference_url": "https://basercms.net/security/JVN64869876", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://basercms.net/security/JVN64869876" }, { "reference_url": "https://github.com/baserproject/basercms/commit/88ccc61e5656b05dd13204d61de706efaa2cd0b1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/commit/88ccc61e5656b05dd13204d61de706efaa2cd0b1" }, { "reference_url": 
"https://jvn.jp/en/jp/JVN64869876/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jvn.jp/en/jp/JVN64869876/index.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20683", "reference_id": "CVE-2021-20683", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20683" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80118?format=api", "purl": "pkg:composer/baserproject/basercms@4.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ay3-1t5g-vycu" }, { "vulnerability": "VCID-891u-x525-ykbb" }, { "vulnerability": "VCID-ays7-6wvh-augt" }, { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-hpk4-a6tr-3ffe" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-k575-suuf-7bhf" }, { "vulnerability": "VCID-kmpp-6j49-pqfz" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.4.5" } ], "aliases": [ "CVE-2021-20683", "GHSA-v9w8-hq92-v39m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xpsb-2yux-g3cf" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/53746?format=api", "vulnerability_id": "VCID-xxud-7jsh-bbc1", "summary": "Unrestricted Upload of File with Dangerous Type\nIn baserCMS, code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The `Edit template` component was found to be vulnerable.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03225", "scoring_system": "epss", "scoring_elements": "0.87299", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03225", "scoring_system": "epss", "scoring_elements": "0.87321", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15277" }, { "reference_url": "https://basercms.net/security/20201029", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://basercms.net/security/20201029" }, { "reference_url": "https://github.com/baserproject/basercms/commit/bb027c3967b0430adcff2d2fedbc23d39077563b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/commit/bb027c3967b0430adcff2d2fedbc23d39077563b" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-6fmv-q269-55cw", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", 
"scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-6fmv-q269-55cw" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15277", "reference_id": "CVE-2020-15277", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15277" }, { "reference_url": "https://github.com/advisories/GHSA-6fmv-q269-55cw", "reference_id": "GHSA-6fmv-q269-55cw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6fmv-q269-55cw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79034?format=api", "purl": "pkg:composer/baserproject/basercms@4.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q79-sxzp-zker" }, { "vulnerability": "VCID-5ay3-1t5g-vycu" }, { "vulnerability": "VCID-891u-x525-ykbb" }, { "vulnerability": "VCID-ays7-6wvh-augt" }, { "vulnerability": "VCID-eq7f-n3g5-s3hu" }, { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-hpk4-a6tr-3ffe" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-k575-suuf-7bhf" }, { "vulnerability": "VCID-kmpp-6j49-pqfz" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-xpsb-2yux-g3cf" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.4.1" } ], 
"aliases": [ "CVE-2020-15277", "GHSA-6fmv-q269-55cw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xxud-7jsh-bbc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44709?format=api", "vulnerability_id": "VCID-zsgc-fnen-b7a6", "summary": "Unrestricted Upload of File with Dangerous Type\nbaserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the management system of baserCMS. Version 4.7.5 contains a patch.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25655", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00561", "scoring_system": "epss", "scoring_elements": "0.68669", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00561", "scoring_system": "epss", "scoring_elements": "0.6871", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25655" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://github.com/baserproject/basercms/commit/922025a98b0e697ab78f6a785a004e0729aa9100", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:30:57Z/" } ], "url": "https://github.com/baserproject/basercms/commit/922025a98b0e697ab78f6a785a004e0729aa9100" }, { 
"reference_url": "https://github.com/baserproject/basercms/commit/9297629983ed908c7f51bf61a0231dde91404ebd", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:30:57Z/" } ], "url": "https://github.com/baserproject/basercms/commit/9297629983ed908c7f51bf61a0231dde91404ebd" }, { "reference_url": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:30:57Z/" } ], "url": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25655", "reference_id": "CVE-2023-25655", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25655" }, { "reference_url": "https://github.com/advisories/GHSA-mfvg-qwcw-qvc8", "reference_id": "GHSA-mfvg-qwcw-qvc8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mfvg-qwcw-qvc8" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-mfvg-qwcw-qvc8", "reference_id": "GHSA-mfvg-qwcw-qvc8", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:30:57Z/" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-mfvg-qwcw-qvc8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64369?format=api", "purl": "pkg:composer/baserproject/basercms@4.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-zxns-tzw3-27fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.7.5" } ], "aliases": [ "CVE-2023-25655", "GHSA-mfvg-qwcw-qvc8" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zsgc-fnen-b7a6" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40021?format=api", "vulnerability_id": "VCID-2u6y-aj6t-7fb1", "summary": "Improper Privilege Management\nbaserCMS allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors.", "references": [ { "reference_url": "http://jvn.jp/en/jp/JVN67881316/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"http://jvn.jp/en/jp/JVN67881316/index.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0573", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38572", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38483", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0573" }, { "reference_url": "https://basercms.net/security/JVN67881316", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://basercms.net/security/JVN67881316" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0573", "reference_id": "CVE-2018-0573", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0573" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150431?format=api", "purl": "pkg:composer/baserproject/basercms@3.0.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q79-sxzp-zker" }, { "vulnerability": "VCID-5ay3-1t5g-vycu" }, { "vulnerability": "VCID-891u-x525-ykbb" }, { "vulnerability": "VCID-9mf7-56fh-fyfk" }, { "vulnerability": "VCID-ays7-6wvh-augt" }, { "vulnerability": "VCID-d5gk-q2hh-kba5" }, { "vulnerability": "VCID-eq7f-n3g5-s3hu" }, { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-gsg3-fdmu-vqag" }, { "vulnerability": "VCID-hpk4-a6tr-3ffe" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, 
{ "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-k575-suuf-7bhf" }, { "vulnerability": "VCID-kmpp-6j49-pqfz" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-p6nr-eu91-53b4" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-vqx2-hzju-r7et" }, { "vulnerability": "VCID-xpsb-2yux-g3cf" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@3.0.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/55952?format=api", "purl": "pkg:composer/baserproject/basercms@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q79-sxzp-zker" }, { "vulnerability": "VCID-5ay3-1t5g-vycu" }, { "vulnerability": "VCID-891u-x525-ykbb" }, { "vulnerability": "VCID-9mf7-56fh-fyfk" }, { "vulnerability": "VCID-ays7-6wvh-augt" }, { "vulnerability": "VCID-d5gk-q2hh-kba5" }, { "vulnerability": "VCID-eq7f-n3g5-s3hu" }, { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-gsg3-fdmu-vqag" }, { "vulnerability": "VCID-hpk4-a6tr-3ffe" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-k575-suuf-7bhf" }, { "vulnerability": "VCID-kmpp-6j49-pqfz" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-p6nr-eu91-53b4" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-twf5-bzba-gqb4" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-vqx2-hzju-r7et" }, { "vulnerability": "VCID-wvnk-63hy-ykeq" }, { "vulnerability": "VCID-xpsb-2yux-g3cf" }, { "vulnerability": "VCID-xxud-7jsh-bbc1" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.1.1" } ], "aliases": [ "CVE-2018-0573", "GHSA-33fq-qm4m-cjw3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2u6y-aj6t-7fb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40020?format=api", "vulnerability_id": "VCID-6trr-5deb-yydm", "summary": "Unrestricted Upload of File with Dangerous Type\nbaserCMS allows remote attackers with a site operator privilege to upload arbitrary files.", "references": [ { "reference_url": "http://jvn.jp/en/jp/JVN67881316/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvn.jp/en/jp/JVN67881316/index.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0571", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37611", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37518", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0571" }, { "reference_url": "https://basercms.net/security/JVN67881316", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://basercms.net/security/JVN67881316" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0571", "reference_id": "CVE-2018-0571", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0571" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150431?format=api", "purl": "pkg:composer/baserproject/basercms@3.0.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q79-sxzp-zker" }, { "vulnerability": "VCID-5ay3-1t5g-vycu" }, { "vulnerability": "VCID-891u-x525-ykbb" }, { "vulnerability": "VCID-9mf7-56fh-fyfk" }, { "vulnerability": "VCID-ays7-6wvh-augt" }, { "vulnerability": "VCID-d5gk-q2hh-kba5" }, { "vulnerability": "VCID-eq7f-n3g5-s3hu" }, { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-gsg3-fdmu-vqag" }, { "vulnerability": "VCID-hpk4-a6tr-3ffe" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-k575-suuf-7bhf" }, { "vulnerability": "VCID-kmpp-6j49-pqfz" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-p6nr-eu91-53b4" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-vqx2-hzju-r7et" }, { "vulnerability": "VCID-xpsb-2yux-g3cf" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@3.0.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/55952?format=api", 
"purl": "pkg:composer/baserproject/basercms@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q79-sxzp-zker" }, { "vulnerability": "VCID-5ay3-1t5g-vycu" }, { "vulnerability": "VCID-891u-x525-ykbb" }, { "vulnerability": "VCID-9mf7-56fh-fyfk" }, { "vulnerability": "VCID-ays7-6wvh-augt" }, { "vulnerability": "VCID-d5gk-q2hh-kba5" }, { "vulnerability": "VCID-eq7f-n3g5-s3hu" }, { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-gsg3-fdmu-vqag" }, { "vulnerability": "VCID-hpk4-a6tr-3ffe" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-k575-suuf-7bhf" }, { "vulnerability": "VCID-kmpp-6j49-pqfz" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-p6nr-eu91-53b4" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-twf5-bzba-gqb4" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-vqx2-hzju-r7et" }, { "vulnerability": "VCID-wvnk-63hy-ykeq" }, { "vulnerability": "VCID-xpsb-2yux-g3cf" }, { "vulnerability": "VCID-xxud-7jsh-bbc1" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.1.1" } ], "aliases": [ "CVE-2018-0571", "GHSA-3mcp-6rv6-c69g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6trr-5deb-yydm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40011?format=api", "vulnerability_id": "VCID-e4xa-jm9u-nked", "summary": "OS Command Injection\nbaserCMS allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors.", "references": [ { "reference_url": "http://jvn.jp/en/jp/JVN67881316/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvn.jp/en/jp/JVN67881316/index.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0569", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01", "scoring_system": "epss", "scoring_elements": "0.77368", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01", "scoring_system": "epss", "scoring_elements": "0.77339", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0569" }, { "reference_url": "https://basercms.net/security/JVN67881316", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://basercms.net/security/JVN67881316" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0569", "reference_id": "CVE-2018-0569", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0569" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150431?format=api", "purl": "pkg:composer/baserproject/basercms@3.0.16", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q79-sxzp-zker" }, { "vulnerability": "VCID-5ay3-1t5g-vycu" }, { "vulnerability": "VCID-891u-x525-ykbb" }, { "vulnerability": "VCID-9mf7-56fh-fyfk" }, { "vulnerability": "VCID-ays7-6wvh-augt" }, { "vulnerability": "VCID-d5gk-q2hh-kba5" }, { "vulnerability": "VCID-eq7f-n3g5-s3hu" }, { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-gsg3-fdmu-vqag" }, { "vulnerability": "VCID-hpk4-a6tr-3ffe" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-k575-suuf-7bhf" }, { "vulnerability": "VCID-kmpp-6j49-pqfz" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-p6nr-eu91-53b4" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-vqx2-hzju-r7et" }, { "vulnerability": "VCID-xpsb-2yux-g3cf" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@3.0.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/55952?format=api", "purl": "pkg:composer/baserproject/basercms@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q79-sxzp-zker" }, { "vulnerability": "VCID-5ay3-1t5g-vycu" }, { "vulnerability": "VCID-891u-x525-ykbb" }, { "vulnerability": "VCID-9mf7-56fh-fyfk" }, { "vulnerability": "VCID-ays7-6wvh-augt" }, { "vulnerability": "VCID-d5gk-q2hh-kba5" }, { "vulnerability": "VCID-eq7f-n3g5-s3hu" }, { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-gsg3-fdmu-vqag" }, { "vulnerability": "VCID-hpk4-a6tr-3ffe" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-k575-suuf-7bhf" }, { "vulnerability": "VCID-kmpp-6j49-pqfz" }, { 
"vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-p6nr-eu91-53b4" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-twf5-bzba-gqb4" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-vqx2-hzju-r7et" }, { "vulnerability": "VCID-wvnk-63hy-ykeq" }, { "vulnerability": "VCID-xpsb-2yux-g3cf" }, { "vulnerability": "VCID-xxud-7jsh-bbc1" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.1.1" } ], "aliases": [ "CVE-2018-0569", "GHSA-6j3p-vrph-j7qq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e4xa-jm9u-nked" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40008?format=api", "vulnerability_id": "VCID-ga9u-uv9b-tydr", "summary": "Cross-site Scripting\nCross-site scripting vulnerability in baserCMS allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.", "references": [ { "reference_url": "http://jvn.jp/en/jp/JVN67881316/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvn.jp/en/jp/JVN67881316/index.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0570", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.4131", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41234", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0570" }, { "reference_url": 
"https://basercms.net/security/JVN67881316", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://basercms.net/security/JVN67881316" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0570", "reference_id": "CVE-2018-0570", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0570" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150431?format=api", "purl": "pkg:composer/baserproject/basercms@3.0.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q79-sxzp-zker" }, { "vulnerability": "VCID-5ay3-1t5g-vycu" }, { "vulnerability": "VCID-891u-x525-ykbb" }, { "vulnerability": "VCID-9mf7-56fh-fyfk" }, { "vulnerability": "VCID-ays7-6wvh-augt" }, { "vulnerability": "VCID-d5gk-q2hh-kba5" }, { "vulnerability": "VCID-eq7f-n3g5-s3hu" }, { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-gsg3-fdmu-vqag" }, { "vulnerability": "VCID-hpk4-a6tr-3ffe" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-k575-suuf-7bhf" }, { "vulnerability": "VCID-kmpp-6j49-pqfz" 
}, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-p6nr-eu91-53b4" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-vqx2-hzju-r7et" }, { "vulnerability": "VCID-xpsb-2yux-g3cf" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@3.0.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/55952?format=api", "purl": "pkg:composer/baserproject/basercms@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q79-sxzp-zker" }, { "vulnerability": "VCID-5ay3-1t5g-vycu" }, { "vulnerability": "VCID-891u-x525-ykbb" }, { "vulnerability": "VCID-9mf7-56fh-fyfk" }, { "vulnerability": "VCID-ays7-6wvh-augt" }, { "vulnerability": "VCID-d5gk-q2hh-kba5" }, { "vulnerability": "VCID-eq7f-n3g5-s3hu" }, { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-gsg3-fdmu-vqag" }, { "vulnerability": "VCID-hpk4-a6tr-3ffe" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-k575-suuf-7bhf" }, { "vulnerability": "VCID-kmpp-6j49-pqfz" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-p6nr-eu91-53b4" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-twf5-bzba-gqb4" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-vqx2-hzju-r7et" }, { "vulnerability": "VCID-wvnk-63hy-ykeq" }, { "vulnerability": "VCID-xpsb-2yux-g3cf" }, { "vulnerability": "VCID-xxud-7jsh-bbc1" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.1.1" } ], "aliases": [ "CVE-2018-0570", "GHSA-994g-74gq-5qpr" ], "risk_score": 3.1, "exploitability": "0.5", 
"weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ga9u-uv9b-tydr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40015?format=api", "vulnerability_id": "VCID-r4jc-22rq-d3cb", "summary": "Information Exposure\nbaserCMS allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors.", "references": [ { "reference_url": "http://jvn.jp/en/jp/JVN67881316/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvn.jp/en/jp/JVN67881316/index.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0575", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.37823", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.37914", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0575" }, { "reference_url": "https://basercms.net/security/JVN67881316", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://basercms.net/security/JVN67881316" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/baserproject/basercms" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0575", "reference_id": "CVE-2018-0575", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0575" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150431?format=api", "purl": "pkg:composer/baserproject/basercms@3.0.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q79-sxzp-zker" }, { "vulnerability": "VCID-5ay3-1t5g-vycu" }, { "vulnerability": "VCID-891u-x525-ykbb" }, { "vulnerability": "VCID-9mf7-56fh-fyfk" }, { "vulnerability": "VCID-ays7-6wvh-augt" }, { "vulnerability": "VCID-d5gk-q2hh-kba5" }, { "vulnerability": "VCID-eq7f-n3g5-s3hu" }, { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-gsg3-fdmu-vqag" }, { "vulnerability": "VCID-hpk4-a6tr-3ffe" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-k575-suuf-7bhf" }, { "vulnerability": "VCID-kmpp-6j49-pqfz" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-p6nr-eu91-53b4" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-vqx2-hzju-r7et" }, { "vulnerability": "VCID-xpsb-2yux-g3cf" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@3.0.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/55952?format=api", "purl": "pkg:composer/baserproject/basercms@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q79-sxzp-zker" }, 
{ "vulnerability": "VCID-5ay3-1t5g-vycu" }, { "vulnerability": "VCID-891u-x525-ykbb" }, { "vulnerability": "VCID-9mf7-56fh-fyfk" }, { "vulnerability": "VCID-ays7-6wvh-augt" }, { "vulnerability": "VCID-d5gk-q2hh-kba5" }, { "vulnerability": "VCID-eq7f-n3g5-s3hu" }, { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-gsg3-fdmu-vqag" }, { "vulnerability": "VCID-hpk4-a6tr-3ffe" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-k575-suuf-7bhf" }, { "vulnerability": "VCID-kmpp-6j49-pqfz" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-p6nr-eu91-53b4" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-twf5-bzba-gqb4" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-vqx2-hzju-r7et" }, { "vulnerability": "VCID-wvnk-63hy-ykeq" }, { "vulnerability": "VCID-xpsb-2yux-g3cf" }, { "vulnerability": "VCID-xxud-7jsh-bbc1" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.1.1" } ], "aliases": [ "CVE-2018-0575", "GHSA-w935-p7mg-xc96" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r4jc-22rq-d3cb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40004?format=api", "vulnerability_id": "VCID-yesf-qxgy-3ygx", "summary": "Improper Access Control\nbaserCMS allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors.", "references": [ { "reference_url": "http://jvn.jp/en/jp/JVN67881316/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvn.jp/en/jp/JVN67881316/index.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0572", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41135", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.4106", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0572" }, { "reference_url": "https://basercms.net/security/JVN67881316", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://basercms.net/security/JVN67881316" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0572", "reference_id": "CVE-2018-0572", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0572" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150431?format=api", "purl": "pkg:composer/baserproject/basercms@3.0.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q79-sxzp-zker" }, { "vulnerability": "VCID-5ay3-1t5g-vycu" }, { 
"vulnerability": "VCID-891u-x525-ykbb" }, { "vulnerability": "VCID-9mf7-56fh-fyfk" }, { "vulnerability": "VCID-ays7-6wvh-augt" }, { "vulnerability": "VCID-d5gk-q2hh-kba5" }, { "vulnerability": "VCID-eq7f-n3g5-s3hu" }, { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-gsg3-fdmu-vqag" }, { "vulnerability": "VCID-hpk4-a6tr-3ffe" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-k575-suuf-7bhf" }, { "vulnerability": "VCID-kmpp-6j49-pqfz" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-p6nr-eu91-53b4" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-vqx2-hzju-r7et" }, { "vulnerability": "VCID-xpsb-2yux-g3cf" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@3.0.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/55952?format=api", "purl": "pkg:composer/baserproject/basercms@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q79-sxzp-zker" }, { "vulnerability": "VCID-5ay3-1t5g-vycu" }, { "vulnerability": "VCID-891u-x525-ykbb" }, { "vulnerability": "VCID-9mf7-56fh-fyfk" }, { "vulnerability": "VCID-ays7-6wvh-augt" }, { "vulnerability": "VCID-d5gk-q2hh-kba5" }, { "vulnerability": "VCID-eq7f-n3g5-s3hu" }, { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-gsg3-fdmu-vqag" }, { "vulnerability": "VCID-hpk4-a6tr-3ffe" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-k575-suuf-7bhf" }, { "vulnerability": "VCID-kmpp-6j49-pqfz" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-p6nr-eu91-53b4" }, { "vulnerability": 
"VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-twf5-bzba-gqb4" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-vqx2-hzju-r7et" }, { "vulnerability": "VCID-wvnk-63hy-ykeq" }, { "vulnerability": "VCID-xpsb-2yux-g3cf" }, { "vulnerability": "VCID-xxud-7jsh-bbc1" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.1.1" } ], "aliases": [ "CVE-2018-0572", "GHSA-mjj9-33j8-pfwh" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yesf-qxgy-3ygx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40018?format=api", "vulnerability_id": "VCID-zy68-bur9-1fck", "summary": "Cross-site Scripting\nCross-site scripting vulnerability in baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "references": [ { "reference_url": "http://jvn.jp/en/jp/JVN67881316/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvn.jp/en/jp/JVN67881316/index.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0574", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49663", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49601", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0574" }, { "reference_url": "https://basercms.net/security/JVN67881316", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://basercms.net/security/JVN67881316" }, { "reference_url": "https://github.com/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0574", "reference_id": "CVE-2018-0574", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0574" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150431?format=api", "purl": "pkg:composer/baserproject/basercms@3.0.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q79-sxzp-zker" }, { "vulnerability": "VCID-5ay3-1t5g-vycu" }, { "vulnerability": "VCID-891u-x525-ykbb" }, { "vulnerability": "VCID-9mf7-56fh-fyfk" }, { "vulnerability": "VCID-ays7-6wvh-augt" }, { "vulnerability": "VCID-d5gk-q2hh-kba5" }, { "vulnerability": "VCID-eq7f-n3g5-s3hu" }, { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-gsg3-fdmu-vqag" }, { "vulnerability": "VCID-hpk4-a6tr-3ffe" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-k575-suuf-7bhf" }, { "vulnerability": "VCID-kmpp-6j49-pqfz" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-p6nr-eu91-53b4" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { 
"vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-vqx2-hzju-r7et" }, { "vulnerability": "VCID-xpsb-2yux-g3cf" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@3.0.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/55952?format=api", "purl": "pkg:composer/baserproject/basercms@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q79-sxzp-zker" }, { "vulnerability": "VCID-5ay3-1t5g-vycu" }, { "vulnerability": "VCID-891u-x525-ykbb" }, { "vulnerability": "VCID-9mf7-56fh-fyfk" }, { "vulnerability": "VCID-ays7-6wvh-augt" }, { "vulnerability": "VCID-d5gk-q2hh-kba5" }, { "vulnerability": "VCID-eq7f-n3g5-s3hu" }, { "vulnerability": "VCID-g56w-z9cx-5ygv" }, { "vulnerability": "VCID-ggv8-3v9t-mfea" }, { "vulnerability": "VCID-gsg3-fdmu-vqag" }, { "vulnerability": "VCID-hpk4-a6tr-3ffe" }, { "vulnerability": "VCID-j37y-gws9-ake9" }, { "vulnerability": "VCID-jby7-s5ez-dqb3" }, { "vulnerability": "VCID-k575-suuf-7bhf" }, { "vulnerability": "VCID-kmpp-6j49-pqfz" }, { "vulnerability": "VCID-nxrf-64er-xbfx" }, { "vulnerability": "VCID-p6nr-eu91-53b4" }, { "vulnerability": "VCID-pd8c-9d7z-zkhg" }, { "vulnerability": "VCID-twf5-bzba-gqb4" }, { "vulnerability": "VCID-u16w-rbuk-ybfs" }, { "vulnerability": "VCID-uedz-j2vn-cbea" }, { "vulnerability": "VCID-vqx2-hzju-r7et" }, { "vulnerability": "VCID-wvnk-63hy-ykeq" }, { "vulnerability": "VCID-xpsb-2yux-g3cf" }, { "vulnerability": "VCID-xxud-7jsh-bbc1" }, { "vulnerability": "VCID-zsgc-fnen-b7a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.1.1" } ], "aliases": [ "CVE-2018-0574", "GHSA-6qjv-43mf-rgrh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zy68-bur9-1fck" } ], "risk_score": "4.0", 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.1.1" }