Package details: pkg:composer/baserproject/basercms@3.0.16
purl pkg:composer/baserproject/basercms@3.0.16
Next non-vulnerable version 4.4.5
Latest non-vulnerable version 5.2.3
Risk
Vulnerabilities affecting this package (8)

| Vulnerability | Summary | Fixed by |
| --- | --- | --- |
| VCID-1q79-sxzp-zker (Aliases: CVE-2021-20682, GHSA-g39q-f4rm-85x4) | OS Command Injection baserCMS allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors. | 4.4.5 (affected by 0 other vulnerabilities) |
| VCID-9mf7-56fh-fyfk (Aliases: CVE-2018-18943, GHSA-fx2m-5m9v-jhgp) | Cross-site Scripting An issue was discovered in baserCMS. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the `data[UploaderCategory][name]` parameter to an `admin/uploader/uploader_categories/edit` URI. | 4.1.4 (affected by 9 other vulnerabilities) |
| VCID-d5gk-q2hh-kba5 (Aliases: CVE-2020-15154, GHSA-cpxc-67rc-c775) | Cross-site Scripting baserCMS `content_info.php`, `content_options.php`, `content_related.php`, `index_list_tree.php`, `jquery.bcTree.js`. | 4.3.7 (affected by 6 other vulnerabilities) |
| VCID-eq7f-n3g5-s3hu (Aliases: CVE-2021-20681, GHSA-24p5-x9f9-vvpx) | Cross-site Scripting Improper neutralization of JavaScript input in the page editing function of baserCMS allows remote authenticated attackers to inject an arbitrary script via unspecified vectors. | 4.4.5 (affected by 0 other vulnerabilities) |
| VCID-gsg3-fdmu-vqag (Aliases: CVE-2018-18942, GHSA-rjc2-x53r-6c9r) | Improper Input Validation baserCMS allows remote attackers to execute arbitrary PHP code via the `admin/theme_configs/form`. | 4.1.4 (affected by 9 other vulnerabilities) |
| VCID-p6nr-eu91-53b4 (Aliases: CVE-2020-15159, GHSA-673x-f5wx-fxpw) | Cross-site Scripting baserCMS is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The affected components are `ThemeFilesController.php` and `UploaderFilesController.php`. | 4.3.7 (affected by 6 other vulnerabilities) |
| VCID-vqx2-hzju-r7et (Aliases: CVE-2020-15155, GHSA-4r3m-j6x5-48m3) | Cross-site Scripting baserCMS is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected component is `toolbar.php`. | 4.3.7 (affected by 6 other vulnerabilities) |
| VCID-xpsb-2yux-g3cf (Aliases: CVE-2021-20683, GHSA-v9w8-hq92-v39m) | Cross-site Scripting Improper neutralization of JavaScript input in the blog article editing function of baserCMS allows remote authenticated attackers to inject an arbitrary script via unspecified vectors. | 4.4.5 (affected by 0 other vulnerabilities) |

Vulnerabilities fixed by this package (7)

| Vulnerability | Summary | Aliases |
| --- | --- | --- |
| VCID-2u6y-aj6t-7fb1 | Improper Privilege Management baserCMS allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors. | CVE-2018-0573, GHSA-33fq-qm4m-cjw3 |
| VCID-6trr-5deb-yydm | Unrestricted Upload of File with Dangerous Type baserCMS allows remote attackers with a site operator privilege to upload arbitrary files. | CVE-2018-0571, GHSA-3mcp-6rv6-c69g |
| VCID-e4xa-jm9u-nked | OS Command Injection baserCMS allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors. | CVE-2018-0569, GHSA-6j3p-vrph-j7qq |
| VCID-ga9u-uv9b-tydr | Cross-site Scripting Cross-site scripting vulnerability in baserCMS allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | CVE-2018-0570, GHSA-994g-74gq-5qpr |
| VCID-r4jc-22rq-d3cb | Information Exposure baserCMS allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors. | CVE-2018-0575, GHSA-w935-p7mg-xc96 |
| VCID-yesf-qxgy-3ygx | Improper Access Control baserCMS allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors. | CVE-2018-0572, GHSA-mjj9-33j8-pfwh |
| VCID-zy68-bur9-1fck | Cross-site Scripting Cross-site scripting vulnerability in baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CVE-2018-0574, GHSA-6qjv-43mf-rgrh |

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-04T20:47:39.002743+00:00 GitLab Importer Affected by VCID-eq7f-n3g5-s3hu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/baserproject/basercms/CVE-2021-20681.yml 38.6.0
2026-06-04T20:47:35.090650+00:00 GitLab Importer Affected by VCID-xpsb-2yux-g3cf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/baserproject/basercms/CVE-2021-20683.yml 38.6.0
2026-06-04T20:47:34.680450+00:00 GitLab Importer Affected by VCID-1q79-sxzp-zker https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/baserproject/basercms/CVE-2021-20682.yml 38.6.0
2026-06-04T20:34:32.722786+00:00 GitLab Importer Affected by VCID-d5gk-q2hh-kba5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/baserproject/basercms/CVE-2020-15154.yml 38.6.0
2026-06-04T20:34:32.334909+00:00 GitLab Importer Affected by VCID-vqx2-hzju-r7et https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/baserproject/basercms/CVE-2020-15155.yml 38.6.0
2026-06-04T20:34:31.633672+00:00 GitLab Importer Affected by VCID-p6nr-eu91-53b4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/baserproject/basercms/CVE-2020-15159.yml 38.6.0
2026-06-04T20:16:47.933426+00:00 GitLab Importer Affected by VCID-9mf7-56fh-fyfk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/baserproject/basercms/CVE-2018-18943.yml 38.6.0
2026-06-04T20:16:47.639667+00:00 GitLab Importer Affected by VCID-gsg3-fdmu-vqag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/baserproject/basercms/CVE-2018-18942.yml 38.6.0
2026-06-04T20:13:26.376802+00:00 GitLab Importer Fixing VCID-2u6y-aj6t-7fb1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/baserproject/basercms/CVE-2018-0573.yml 38.6.0
2026-06-04T20:13:26.230768+00:00 GitLab Importer Fixing VCID-6trr-5deb-yydm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/baserproject/basercms/CVE-2018-0571.yml 38.6.0
2026-06-04T20:13:25.802445+00:00 GitLab Importer Fixing VCID-zy68-bur9-1fck https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/baserproject/basercms/CVE-2018-0574.yml 38.6.0
2026-06-04T20:13:24.547625+00:00 GitLab Importer Fixing VCID-r4jc-22rq-d3cb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/baserproject/basercms/CVE-2018-0575.yml 38.6.0
2026-06-04T20:13:23.780334+00:00 GitLab Importer Fixing VCID-e4xa-jm9u-nked https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/baserproject/basercms/CVE-2018-0569.yml 38.6.0
2026-06-04T20:13:23.530498+00:00 GitLab Importer Fixing VCID-ga9u-uv9b-tydr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/baserproject/basercms/CVE-2018-0570.yml 38.6.0
2026-06-04T20:13:22.945815+00:00 GitLab Importer Fixing VCID-yesf-qxgy-3ygx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/baserproject/basercms/CVE-2018-0572.yml 38.6.0
2026-06-04T17:58:39.749331+00:00 GithubOSV Importer Fixing VCID-2u6y-aj6t-7fb1 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-33fq-qm4m-cjw3/GHSA-33fq-qm4m-cjw3.json 38.6.0
2026-06-04T17:54:13.637134+00:00 GithubOSV Importer Fixing VCID-6trr-5deb-yydm https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3mcp-6rv6-c69g/GHSA-3mcp-6rv6-c69g.json 38.6.0
2026-06-04T17:54:07.892917+00:00 GithubOSV Importer Fixing VCID-yesf-qxgy-3ygx https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mjj9-33j8-pfwh/GHSA-mjj9-33j8-pfwh.json 38.6.0