VulnerableCode Package Details - pkg:composer/baserproject/basercms@4.0.0-beta

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:composer/baserproject/basercms@4.0.0-beta

Essentials
History (8)

purl	pkg:composer/baserproject/basercms@4.0.0-beta

Next non-vulnerable version	4.4.5
Latest non-vulnerable version	5.2.3
Risk	4.0

Vulnerabilities affecting this package (8)

Vulnerability	Summary	Fixed by
VCID-1q79-sxzp-zker Aliases: CVE-2021-20682 GHSA-g39q-f4rm-85x4	OS Command Injection baserCMS allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors.	4.4.5 Affected by 0 other vulnerabilities.
VCID-9mf7-56fh-fyfk Aliases: CVE-2018-18943 GHSA-fx2m-5m9v-jhgp	Cross-site Scripting An issue was discovered in baserCMS In the Register New Category feature of the Upload menu, the category name can be used for XSS via the `data[UploaderCategory][name]` parameter to an `admin/uploader/uploader_categories/edit` URI.	4.1.4 Affected by 9 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-d5gk-q2hh-kba5 Aliases: CVE-2020-15154 GHSA-cpxc-67rc-c775	Cross-site Scripting baserCMS `content_info.php`, `content_options.php`, `content_related.php`, `index_list_tree.php`, `jquery.bcTree.js`.	4.3.7 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-eq7f-n3g5-s3hu Aliases: CVE-2021-20681 GHSA-24p5-x9f9-vvpx	Cross-site Scripting Improper neutralization of JavaScript input in the page editing function of baserCMS allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.	4.4.5 Affected by 0 other vulnerabilities.
VCID-gsg3-fdmu-vqag Aliases: CVE-2018-18942 GHSA-rjc2-x53r-6c9r	Improper Input Validation baserCMS allows remote attackers to execute arbitrary PHP code via the `admin/theme_configs/form`.	4.1.4 Affected by 9 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-p6nr-eu91-53b4 Aliases: CVE-2020-15159 GHSA-673x-f5wx-fxpw	Cross-site Scripting baserCMS is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The affected components are `ThemeFilesController.php` and `UploaderFilesController.php`.	4.3.7 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-vqx2-hzju-r7et Aliases: CVE-2020-15155 GHSA-4r3m-j6x5-48m3	Cross-site Scripting baserCMS is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components is `toolbar.php`.	4.3.7 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-xpsb-2yux-g3cf Aliases: CVE-2021-20683 GHSA-v9w8-hq92-v39m	Cross-site Scripting Improper neutralization of JavaScript input in the blog article editing function of baserCMS allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.	4.4.5 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T20:47:39.007053+00:00	GitLab Importer	Affected by	VCID-eq7f-n3g5-s3hu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/baserproject/basercms/CVE-2021-20681.yml	38.6.0
2026-06-04T20:47:35.094684+00:00	GitLab Importer	Affected by	VCID-xpsb-2yux-g3cf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/baserproject/basercms/CVE-2021-20683.yml	38.6.0
2026-06-04T20:47:34.684772+00:00	GitLab Importer	Affected by	VCID-1q79-sxzp-zker	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/baserproject/basercms/CVE-2021-20682.yml	38.6.0
2026-06-04T20:34:32.727293+00:00	GitLab Importer	Affected by	VCID-d5gk-q2hh-kba5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/baserproject/basercms/CVE-2020-15154.yml	38.6.0
2026-06-04T20:34:32.339244+00:00	GitLab Importer	Affected by	VCID-vqx2-hzju-r7et	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/baserproject/basercms/CVE-2020-15155.yml	38.6.0
2026-06-04T20:34:31.640749+00:00	GitLab Importer	Affected by	VCID-p6nr-eu91-53b4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/baserproject/basercms/CVE-2020-15159.yml	38.6.0
2026-06-04T20:16:47.937535+00:00	GitLab Importer	Affected by	VCID-9mf7-56fh-fyfk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/baserproject/basercms/CVE-2018-18943.yml	38.6.0
2026-06-04T20:16:47.644637+00:00	GitLab Importer	Affected by	VCID-gsg3-fdmu-vqag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/baserproject/basercms/CVE-2018-18942.yml	38.6.0