Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/77909?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/77909?format=api", "purl": "pkg:composer/baserproject/basercms@4.3.6", "type": "composer", "namespace": "baserproject", "name": "basercms", "version": "4.3.6", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.4.5", "latest_non_vulnerable_version": "5.2.3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54253?format=api", "vulnerability_id": "VCID-1q79-sxzp-zker", "summary": "OS Command Injection\nbaserCMS allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20682", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02357", "scoring_system": "epss", "scoring_elements": "0.8521", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20682" }, { "reference_url": "https://basercms.net/security/JVN64869876", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://basercms.net/security/JVN64869876" }, { "reference_url": "https://jvn.jp/en/jp/JVN64869876/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jvn.jp/en/jp/JVN64869876/index.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20682", "reference_id": "CVE-2021-20682", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20682" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80118?format=api", "purl": "pkg:composer/baserproject/basercms@4.4.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.4.5" } ], "aliases": [ "CVE-2021-20682", "GHSA-g39q-f4rm-85x4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1q79-sxzp-zker" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52933?format=api", "vulnerability_id": "VCID-d5gk-q2hh-kba5", "summary": "Cross-site Scripting\nbaserCMS `content_info.php`, `content_options.php`, `content_related.php`, `index_list_tree.php`, `jquery.bcTree.js`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15154", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00784", "scoring_system": "epss", "scoring_elements": "0.74124", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15154" }, { "reference_url": "https://basercms.net/security/20200827", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://basercms.net/security/20200827" }, { "reference_url": "https://github.com/baserproject/basercms/commit/7f4b905b90954e394ec10dd35bad2a5dec505371", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/commit/7f4b905b90954e394ec10dd35bad2a5dec505371" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-cpxc-67rc-c775", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-cpxc-67rc-c775" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15154", "reference_id": "CVE-2020-15154", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77910?format=api", "purl": "pkg:composer/baserproject/basercms@4.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q79-sxzp-zker" }, { "vulnerability": "VCID-eq7f-n3g5-s3hu" }, { "vulnerability": "VCID-twf5-bzba-gqb4" }, { "vulnerability": "VCID-wvnk-63hy-ykeq" }, { "vulnerability": "VCID-xpsb-2yux-g3cf" }, { "vulnerability": "VCID-xxud-7jsh-bbc1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.3.7" } ], "aliases": [ "CVE-2020-15154", "GHSA-cpxc-67rc-c775" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d5gk-q2hh-kba5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54257?format=api", "vulnerability_id": "VCID-eq7f-n3g5-s3hu", "summary": "Cross-site Scripting\nImproper neutralization of JavaScript input in the page editing function of baserCMS allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20681", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42327", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20681" }, { "reference_url": "https://basercms.net/security/JVN64869876", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://basercms.net/security/JVN64869876" }, { "reference_url": "https://jvn.jp/en/jp/JVN64869876/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jvn.jp/en/jp/JVN64869876/index.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20681", "reference_id": "CVE-2021-20681", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20681" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80118?format=api", "purl": "pkg:composer/baserproject/basercms@4.4.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.4.5" } ], "aliases": [ "CVE-2021-20681", "GHSA-24p5-x9f9-vvpx" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eq7f-n3g5-s3hu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52930?format=api", "vulnerability_id": "VCID-p6nr-eu91-53b4", "summary": "Cross-site Scripting\nbaserCMS is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The affected components are `ThemeFilesController.php` and `UploaderFilesController.php`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15159", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01563", "scoring_system": "epss", "scoring_elements": "0.81826", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15159" }, { "reference_url": "https://basercms.net/security/20200827", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://basercms.net/security/20200827" }, { "reference_url": "https://github.com/baserproject/basercms/commit/16a7b3cd09a0ca355474119c76897eac2034a66d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/commit/16a7b3cd09a0ca355474119c76897eac2034a66d" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-673x-f5wx-fxpw", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-673x-f5wx-fxpw" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15159", "reference_id": "CVE-2020-15159", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15159" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77910?format=api", "purl": "pkg:composer/baserproject/basercms@4.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q79-sxzp-zker" }, { "vulnerability": "VCID-eq7f-n3g5-s3hu" }, { "vulnerability": "VCID-twf5-bzba-gqb4" }, { "vulnerability": "VCID-wvnk-63hy-ykeq" }, { "vulnerability": "VCID-xpsb-2yux-g3cf" }, { "vulnerability": "VCID-xxud-7jsh-bbc1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.3.7" } ], "aliases": [ "CVE-2020-15159", "GHSA-673x-f5wx-fxpw" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p6nr-eu91-53b4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53745?format=api", "vulnerability_id": "VCID-twf5-bzba-gqb4", "summary": "Cross-site Scripting\nbaserCMS is vulnerable to Cross-Site Scripting. The issue affects the following components; Edit feed settings, Edit widget area, Sub site new registration, and New category registration. Arbitrary JavaScript may be executed by entering specific characters in the account that can access the file upload function category list, sub-site setting list, widget area edit, and feed list on the management screen.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15273", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00414", "scoring_system": "epss", "scoring_elements": "0.61932", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15273" }, { "reference_url": "https://github.com/baserproject/basercms/commit/b70474ef9dcee6ad8826360884625dc7ca9041a1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/commit/b70474ef9dcee6ad8826360884625dc7ca9041a1" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-wpww-4jf4-4hx8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-wpww-4jf4-4hx8" }, { "reference_url": "https://packagist.org/packages/baserproject/basercms", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://packagist.org/packages/baserproject/basercms" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15273", "reference_id": "CVE-2020-15273", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15273" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79034?format=api", "purl": "pkg:composer/baserproject/basercms@4.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q79-sxzp-zker" }, { "vulnerability": "VCID-eq7f-n3g5-s3hu" }, { "vulnerability": "VCID-xpsb-2yux-g3cf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.4.1" } ], "aliases": [ "CVE-2020-15273", "GHSA-wpww-4jf4-4hx8" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-twf5-bzba-gqb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52932?format=api", "vulnerability_id": "VCID-vqx2-hzju-r7et", "summary": "Cross-site Scripting\nbaserCMS is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components is `toolbar.php`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15155", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00868", "scoring_system": "epss", "scoring_elements": "0.75527", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15155" }, { "reference_url": "https://basercms.net/security/20200827", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://basercms.net/security/20200827" }, { "reference_url": "https://github.com/baserproject/basercms/commit/94cbfab74c9fd6d04492597a1a684674c3c0e30f", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/commit/94cbfab74c9fd6d04492597a1a684674c3c0e30f" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-4r3m-j6x5-48m3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-4r3m-j6x5-48m3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15155", "reference_id": "CVE-2020-15155", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15155" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77910?format=api", "purl": "pkg:composer/baserproject/basercms@4.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q79-sxzp-zker" }, { "vulnerability": "VCID-eq7f-n3g5-s3hu" }, { "vulnerability": "VCID-twf5-bzba-gqb4" }, { "vulnerability": "VCID-wvnk-63hy-ykeq" }, { "vulnerability": "VCID-xpsb-2yux-g3cf" }, { "vulnerability": "VCID-xxud-7jsh-bbc1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.3.7" } ], "aliases": [ "CVE-2020-15155", "GHSA-4r3m-j6x5-48m3" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vqx2-hzju-r7et" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53748?format=api", "vulnerability_id": "VCID-wvnk-63hy-ykeq", "summary": "Cross-site Scripting\nbaserCMS is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a specially crafted nickname in the blog comments. The issue affects the blog comment component.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15276", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69606", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15276" }, { "reference_url": "https://basercms.net/security/20201029", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://basercms.net/security/20201029" }, { "reference_url": "https://github.com/baserproject/basercms/commit/d14f506385f21d67d5ff3462f204d4c2321b7c54", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/commit/d14f506385f21d67d5ff3462f204d4c2321b7c54" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-fw5q-j9p4-3vxg", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-fw5q-j9p4-3vxg" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15276", "reference_id": "CVE-2020-15276", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15276" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79034?format=api", "purl": "pkg:composer/baserproject/basercms@4.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q79-sxzp-zker" }, { "vulnerability": "VCID-eq7f-n3g5-s3hu" }, { "vulnerability": "VCID-xpsb-2yux-g3cf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.4.1" } ], "aliases": [ "CVE-2020-15276", "GHSA-fw5q-j9p4-3vxg" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "6.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wvnk-63hy-ykeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54254?format=api", "vulnerability_id": "VCID-xpsb-2yux-g3cf", "summary": "Cross-site Scripting\nImproper neutralization of JavaScript input in the blog article editing function of baserCMS allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20683", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42327", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20683" }, { "reference_url": "https://basercms.net/security/JVN64869876", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://basercms.net/security/JVN64869876" }, { "reference_url": "https://github.com/baserproject/basercms/commit/88ccc61e5656b05dd13204d61de706efaa2cd0b1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/commit/88ccc61e5656b05dd13204d61de706efaa2cd0b1" }, { "reference_url": "https://jvn.jp/en/jp/JVN64869876/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jvn.jp/en/jp/JVN64869876/index.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20683", "reference_id": "CVE-2021-20683", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20683" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80118?format=api", "purl": "pkg:composer/baserproject/basercms@4.4.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.4.5" } ], "aliases": [ "CVE-2021-20683", "GHSA-v9w8-hq92-v39m" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xpsb-2yux-g3cf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53746?format=api", "vulnerability_id": "VCID-xxud-7jsh-bbc1", "summary": "Unrestricted Upload of File with Dangerous Type\nbaserCMS Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The `Edit template` component was found to be vulnerable.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03225", "scoring_system": "epss", "scoring_elements": "0.87299", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15277" }, { "reference_url": "https://basercms.net/security/20201029", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://basercms.net/security/20201029" }, { "reference_url": "https://github.com/baserproject/basercms/commit/bb027c3967b0430adcff2d2fedbc23d39077563b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/commit/bb027c3967b0430adcff2d2fedbc23d39077563b" }, { "reference_url": "https://github.com/baserproject/basercms/security/advisories/GHSA-6fmv-q269-55cw", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-6fmv-q269-55cw" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15277", "reference_id": "CVE-2020-15277", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15277" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79034?format=api", "purl": "pkg:composer/baserproject/basercms@4.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q79-sxzp-zker" }, { "vulnerability": "VCID-eq7f-n3g5-s3hu" }, { "vulnerability": "VCID-xpsb-2yux-g3cf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.4.1" } ], "aliases": [ "CVE-2020-15277", "GHSA-6fmv-q269-55cw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xxud-7jsh-bbc1" } ], "fixing_vulnerabilities": [], "risk_score": "3.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.3.6" }