Package details: pkg:composer/baserproject/basercms@4.4.1
purl pkg:composer/baserproject/basercms@4.4.1
Next non-vulnerable version 4.4.5
Latest non-vulnerable version 5.2.3
Risk 4.0
Vulnerabilities affecting this package (3)
Vulnerability: VCID-1q79-sxzp-zker
Aliases: CVE-2021-20682, GHSA-g39q-f4rm-85x4
Summary: OS Command Injection: baserCMS allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors.
Fixed by: 4.4.5 (affected by 0 other vulnerabilities)

Vulnerability: VCID-eq7f-n3g5-s3hu
Aliases: CVE-2021-20681, GHSA-24p5-x9f9-vvpx
Summary: Cross-site Scripting: Improper neutralization of JavaScript input in the page editing function of baserCMS allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.
Fixed by: 4.4.5 (affected by 0 other vulnerabilities)

Vulnerability: VCID-xpsb-2yux-g3cf
Aliases: CVE-2021-20683, GHSA-v9w8-hq92-v39m
Summary: Cross-site Scripting: Improper neutralization of JavaScript input in the blog article editing function of baserCMS allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.
Fixed by: 4.4.5 (affected by 0 other vulnerabilities)

Vulnerabilities fixed by this package (3)
Vulnerability: VCID-twf5-bzba-gqb4
Aliases: CVE-2020-15273, GHSA-wpww-4jf4-4hx8
Summary: Cross-site Scripting: baserCMS is vulnerable to Cross-Site Scripting. The issue affects the following components: Edit feed settings, Edit widget area, Sub site new registration, and New category registration. Arbitrary JavaScript may be executed by entering specific characters in the account that can access the file upload function category list, sub-site setting list, widget area edit, and feed list on the management screen.

Vulnerability: VCID-wvnk-63hy-ykeq
Aliases: CVE-2020-15276, GHSA-fw5q-j9p4-3vxg
Summary: Cross-site Scripting: baserCMS is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a specially crafted nickname in the blog comments. The issue affects the blog comment component.

Vulnerability: VCID-xxud-7jsh-bbc1
Aliases: CVE-2020-15277, GHSA-6fmv-q269-55cw
Summary: Unrestricted Upload of File with Dangerous Type: baserCMS Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The `Edit template` component was found to be vulnerable.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-04T20:47:39.196162+00:00 GitLab Importer Affected by VCID-eq7f-n3g5-s3hu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/baserproject/basercms/CVE-2021-20681.yml 38.6.0
2026-06-04T20:47:35.271085+00:00 GitLab Importer Affected by VCID-xpsb-2yux-g3cf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/baserproject/basercms/CVE-2021-20683.yml 38.6.0
2026-06-04T20:47:34.860694+00:00 GitLab Importer Affected by VCID-1q79-sxzp-zker https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/baserproject/basercms/CVE-2021-20682.yml 38.6.0
2026-06-04T17:24:17.094227+00:00 GithubOSV Importer Fixing VCID-twf5-bzba-gqb4 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/11/GHSA-wpww-4jf4-4hx8/GHSA-wpww-4jf4-4hx8.json 38.6.0
2026-06-04T17:21:21.136262+00:00 GithubOSV Importer Fixing VCID-xxud-7jsh-bbc1 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/10/GHSA-6fmv-q269-55cw/GHSA-6fmv-q269-55cw.json 38.6.0
2026-06-04T17:21:18.111131+00:00 GithubOSV Importer Fixing VCID-wvnk-63hy-ykeq https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/10/GHSA-fw5q-j9p4-3vxg/GHSA-fw5q-j9p4-3vxg.json 38.6.0
2026-06-04T16:20:34.252514+00:00 GitLab Importer Fixing VCID-wvnk-63hy-ykeq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/baserproject/basercms/CVE-2020-15276.yml 38.6.0
2026-06-04T16:20:34.210793+00:00 GitLab Importer Fixing VCID-xxud-7jsh-bbc1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/baserproject/basercms/CVE-2020-15277.yml 38.6.0
2026-06-04T16:20:34.188360+00:00 GitLab Importer Fixing VCID-twf5-bzba-gqb4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/baserproject/basercms/CVE-2020-15273.yml 38.6.0