{"url":"http://public2.vulnerablecode.io/api/packages/55952?format=json","purl":"pkg:composer/baserproject/basercms@4.1.1","type":"composer","namespace":"baserproject","name":"basercms","version":"4.1.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.1.2","latest_non_vulnerable_version":"5.2.3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54253?format=json","vulnerability_id":"VCID-1q79-sxzp-zker","summary":"OS Command Injection\nbaserCMS allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20682","reference_id":"","reference_type":"","scores":[{"value":"0.02357","scoring_system":"epss","scoring_elements":"0.8521","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02357","scoring_system":"epss","scoring_elements":"0.85235","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20682"},{"reference_url":"https://basercms.net/security/JVN64869876","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://basercms.net/security/JVN64869876"},{"reference_url":"https://jvn.jp/en/jp/JVN64869876/index.html","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jvn.jp/en/jp/JVN64869876/index.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20682","reference_id":"CVE-2021-20682","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20682"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/80118?format=json","purl":"pkg:composer/baserproject/basercms@4.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.4.5"}],"aliases":["CVE-2021-20682","GHSA-g39q-f4rm-85x4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1q79-sxzp-zker"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41774?format=json","vulnerability_id":"VCID-5ay3-1t5g-vycu","summary":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nBaserCMS is an open source content management system with a focus on Japanese language support. Users with upload privilege may upload crafted zip files capable of path traversal on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41279","reference_id":"","reference_type":"","scores":[{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.6349","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.63447","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41279"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://github.com/baserproject/basercms/commit/d8ab0a81a7bce35cc95ff7dff851a7e87a084336","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/commit/d8ab0a81a7bce35cc95ff7dff851a7e87a084336"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41279","reference_id":"CVE-2021-41279","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41279"},{"reference_url":"https://github.com/advisories/GHSA-4x2f-54wr-4hjg","reference_id":"GHSA-4x2f-54wr-4hjg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4x2f-54wr-4hjg"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-4x2f-54wr-4hjg","reference_id":"GHSA-4x2f-54wr-4hjg","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-4x2f-54wr-4hjg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59671?format=json","purl":"pkg:composer/baserproject/basercms@4.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.5.4"}],"aliases":["CVE-2021-41279","GHSA-4x2f-54wr-4hjg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5ay3-1t5g-vycu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41773?format=json","vulnerability_id":"VCID-891u-x525-ykbb","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nThere is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users with permissions to upload files may upload crafted zip files which may execute arbitrary commands on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41243","reference_id":"","reference_type":"","scores":[{"value":"0.02799","scoring_system":"epss","scoring_elements":"0.86405","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02799","scoring_system":"epss","scoring_elements":"0.86382","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41243"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://github.com/baserproject/basercms/commit/9088b99c329d1faff3a2f1269f37b9a9d8d5f6ff","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/commit/9088b99c329d1faff3a2f1269f37b9a9d8d5f6ff"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41243","reference_id":"CVE-2021-41243","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41243"},{"reference_url":"https://github.com/advisories/GHSA-7rpc-9m88-cf9w","reference_id":"GHSA-7rpc-9m88-cf9w","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7rpc-9m88-cf9w"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-7rpc-9m88-cf9w","reference_id":"GHSA-7rpc-9m88-cf9w","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-7rpc-9m88-cf9w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59671?format=json","purl":"pkg:composer/baserproject/basercms@4.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.5.4"}],"aliases":["CVE-2021-41243","GHSA-7rpc-9m88-cf9w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-891u-x525-ykbb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40410?format=json","vulnerability_id":"VCID-9mf7-56fh-fyfk","summary":"Cross-site Scripting\nAn issue was discovered in baserCMS In the Register New Category feature of the Upload menu, the category name can be used for XSS via the `data[UploaderCategory][name]` parameter to an `admin/uploader/uploader_categories/edit` URI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18943","reference_id":"","reference_type":"","scores":[{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.54037","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.54093","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18943"},{"reference_url":"https://basercms.net/release/4_1_4","reference_id":"","reference_type":"","scores":[],"url":"https://basercms.net/release/4_1_4"},{"reference_url":"https://web.archive.org/web/20200130073341/https://basercms.net/release/4_1_4","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200130073341/https://basercms.net/release/4_1_4"},{"reference_url":"https://web.archive.org/web/20211209034642/http://sunu11.com/2018/10/31/baserCMS","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20211209034642/http://sunu11.com/2018/10/31/baserCMS"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-18943","reference_id":"CVE-2018-18943","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-18943"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56953?format=json","purl":"pkg:composer/baserproject/basercms@4.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q79-sxzp-zker"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-d5gk-q2hh-kba5"},{"vulnerability":"VCID-eq7f-n3g5-s3hu"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-p6nr-eu91-53b4"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-twf5-bzba-gqb4"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-vqx2-hzju-r7et"},{"vulnerability":"VCID-wvnk-63hy-ykeq"},{"vulnerability":"VCID-xpsb-2yux-g3cf"},{"vulnerability":"VCID-xxud-7jsh-bbc1"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.1.4"}],"aliases":["CVE-2018-18943","GHSA-fx2m-5m9v-jhgp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9mf7-56fh-fyfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/109472?format=json","vulnerability_id":"VCID-ays7-6wvh-augt","summary":"baserCMS vulnerable to stored Cross-site Scripting\nStored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42486","reference_id":"","reference_type":"","scores":[{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.3445","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34547","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42486"},{"reference_url":"https://basercms.net/security/JVN_53682526","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T16:01:40Z/"}],"url":"https://basercms.net/security/JVN_53682526"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://jvn.jp/en/jp/JVN53682526/index.html","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T16:01:40Z/"}],"url":"https://jvn.jp/en/jp/JVN53682526/index.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42486","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42486"},{"reference_url":"https://github.com/advisories/GHSA-7w2v-35j3-xrm9","reference_id":"GHSA-7w2v-35j3-xrm9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7w2v-35j3-xrm9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/146599?format=json","purl":"pkg:composer/baserproject/basercms@4.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-zsgc-fnen-b7a6"},{"vulnerability":"VCID-zxns-tzw3-27fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.7.2"}],"aliases":["CVE-2022-42486","GHSA-7w2v-35j3-xrm9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ays7-6wvh-augt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52933?format=json","vulnerability_id":"VCID-d5gk-q2hh-kba5","summary":"Cross-site Scripting\nbaserCMS `content_info.php`, `content_options.php`, `content_related.php`, `index_list_tree.php`, `jquery.bcTree.js`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15154","reference_id":"","reference_type":"","scores":[{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.74124","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.74157","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15154"},{"reference_url":"https://basercms.net/security/20200827","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://basercms.net/security/20200827"},{"reference_url":"https://github.com/baserproject/basercms/commit/7f4b905b90954e394ec10dd35bad2a5dec505371","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/commit/7f4b905b90954e394ec10dd35bad2a5dec505371"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-cpxc-67rc-c775","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-cpxc-67rc-c775"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15154","reference_id":"CVE-2020-15154","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15154"},{"reference_url":"https://github.com/advisories/GHSA-cpxc-67rc-c775","reference_id":"GHSA-cpxc-67rc-c775","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cpxc-67rc-c775"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77910?format=json","purl":"pkg:composer/baserproject/basercms@4.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q79-sxzp-zker"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-eq7f-n3g5-s3hu"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-twf5-bzba-gqb4"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-wvnk-63hy-ykeq"},{"vulnerability":"VCID-xpsb-2yux-g3cf"},{"vulnerability":"VCID-xxud-7jsh-bbc1"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.3.7"}],"aliases":["CVE-2020-15154","GHSA-cpxc-67rc-c775"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d5gk-q2hh-kba5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54257?format=json","vulnerability_id":"VCID-eq7f-n3g5-s3hu","summary":"Cross-site Scripting\nImproper neutralization of JavaScript input in the page editing function of baserCMS allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20681","reference_id":"","reference_type":"","scores":[{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42327","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42402","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20681"},{"reference_url":"https://basercms.net/security/JVN64869876","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://basercms.net/security/JVN64869876"},{"reference_url":"https://jvn.jp/en/jp/JVN64869876/index.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jvn.jp/en/jp/JVN64869876/index.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20681","reference_id":"CVE-2021-20681","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20681"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/80118?format=json","purl":"pkg:composer/baserproject/basercms@4.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.4.5"}],"aliases":["CVE-2021-20681","GHSA-24p5-x9f9-vvpx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eq7f-n3g5-s3hu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46297?format=json","vulnerability_id":"VCID-g56w-z9cx-5ygv","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in baserproject/basercms.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29009","reference_id":"","reference_type":"","scores":[{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.68361","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29009"},{"reference_url":"https://basercms.net/security/JVN_45547161","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T14:59:04Z/"}],"url":"https://basercms.net/security/JVN_45547161"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://github.com/baserproject/basercms/commit/919c3ccbbd7a2432967dcb2e428131cc7ad71bb2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/commit/919c3ccbbd7a2432967dcb2e428131cc7ad71bb2"},{"reference_url":"https://github.com/baserproject/basercms/releases/tag/basercms-4.8.0","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T14:59:04Z/"}],"url":"https://github.com/baserproject/basercms/releases/tag/basercms-4.8.0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29009","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29009"},{"reference_url":"https://github.com/advisories/GHSA-8vqx-prq4-rqrq","reference_id":"GHSA-8vqx-prq4-rqrq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8vqx-prq4-rqrq"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-8vqx-prq4-rqrq","reference_id":"GHSA-8vqx-prq4-rqrq","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T14:59:04Z/"}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-8vqx-prq4-rqrq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67525?format=json","purl":"pkg:composer/baserproject/basercms@4.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-uedz-j2vn-cbea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/685977?format=json","purl":"pkg:composer/baserproject/basercms@5.0.0-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-uedz-j2vn-cbea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.0-beta1"}],"aliases":["CVE-2023-29009","GHSA-8vqx-prq4-rqrq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g56w-z9cx-5ygv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47107?format=json","vulnerability_id":"VCID-ggv8-3v9t-mfea","summary":"baserCMS Cross-site Scripting vulnerability in Site search Feature\nThere is a XSS Vulnerability in Site search Feature to baserCMS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44379","reference_id":"","reference_type":"","scores":[{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70549","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44379"},{"reference_url":"https://basercms.net/security/JVN_73283159","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:39:22Z/"}],"url":"https://basercms.net/security/JVN_73283159"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://github.com/baserproject/basercms/commit/18549396e5a9b8294306a54a876af164b0b57da4","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:39:22Z/"}],"url":"https://github.com/baserproject/basercms/commit/18549396e5a9b8294306a54a876af164b0b57da4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44379","reference_id":"CVE-2023-44379","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44379"},{"reference_url":"https://github.com/advisories/GHSA-66c2-p8rh-qx87","reference_id":"GHSA-66c2-p8rh-qx87","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-66c2-p8rh-qx87"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-66c2-p8rh-qx87","reference_id":"GHSA-66c2-p8rh-qx87","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:39:22Z/"}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-66c2-p8rh-qx87"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69105?format=json","purl":"pkg:composer/baserproject/basercms@5.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-sqr4-v889-tff8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.9"}],"aliases":["CVE-2023-44379","GHSA-66c2-p8rh-qx87"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ggv8-3v9t-mfea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40409?format=json","vulnerability_id":"VCID-gsg3-fdmu-vqag","summary":"Improper Input Validation\nbaserCMS allows remote attackers to execute arbitrary PHP code via the `admin/theme_configs/form`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18942","reference_id":"","reference_type":"","scores":[{"value":"0.00928","scoring_system":"epss","scoring_elements":"0.76457","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00928","scoring_system":"epss","scoring_elements":"0.76486","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18942"},{"reference_url":"https://basercms.net/release/4_1_4","reference_id":"","reference_type":"","scores":[],"url":"https://basercms.net/release/4_1_4"},{"reference_url":"https://github.com/baserproject/basercms/issues/959","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/issues/959"},{"reference_url":"https://web.archive.org/web/20200130073341/https://basercms.net/release/4_1_4","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200130073341/https://basercms.net/release/4_1_4"},{"reference_url":"https://web.archive.org/web/20211209034642/http://sunu11.com/2018/10/31/baserCMS","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20211209034642/http://sunu11.com/2018/10/31/baserCMS"},{"reference_url":"https://web.archive.org/web/20211209034642/http://sunu11.com/2018/10/31/baserCMS/","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20211209034642/http://sunu11.com/2018/10/31/baserCMS/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-18942","reference_id":"CVE-2018-18942","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-18942"},{"reference_url":"https://github.com/advisories/GHSA-rjc2-x53r-6c9r","reference_id":"GHSA-rjc2-x53r-6c9r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rjc2-x53r-6c9r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56953?format=json","purl":"pkg:composer/baserproject/basercms@4.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q79-sxzp-zker"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-d5gk-q2hh-kba5"},{"vulnerability":"VCID-eq7f-n3g5-s3hu"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-p6nr-eu91-53b4"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-twf5-bzba-gqb4"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-vqx2-hzju-r7et"},{"vulnerability":"VCID-wvnk-63hy-ykeq"},{"vulnerability":"VCID-xpsb-2yux-g3cf"},{"vulnerability":"VCID-xxud-7jsh-bbc1"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.1.4"}],"aliases":["CVE-2018-18942","GHSA-rjc2-x53r-6c9r"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gsg3-fdmu-vqag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41362?format=json","vulnerability_id":"VCID-hpk4-a6tr-3ffe","summary":"baserCMS is an open source content management system with a focus on Japanese language support. A Cross-site Scripting vulnerability has been identified.","references":[{"reference_url":"http://jvn.jp/en/jp/JVN14134801/index.html","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN14134801/index.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39136","reference_id":"","reference_type":"","scores":[{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67989","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.6795","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39136"},{"reference_url":"https://basercms.net/security/JVN_14134801","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://basercms.net/security/JVN_14134801"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://github.com/baserproject/basercms/commit/568d4cab5ba1cdee7bbf0133c676d02a98f6d7bc","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/commit/568d4cab5ba1cdee7bbf0133c676d02a98f6d7bc"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-hgjr-632x-qpp3","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-hgjr-632x-qpp3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39136","reference_id":"CVE-2021-39136","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39136"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58790?format=json","purl":"pkg:composer/baserproject/basercms@4.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.5.1"}],"aliases":["CVE-2021-39136","GHSA-hgjr-632x-qpp3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hpk4-a6tr-3ffe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44713?format=json","vulnerability_id":"VCID-j37y-gws9-ake9","summary":"Unrestricted Upload of File with Dangerous Type\nbaserCMS is a Content Management system. Prior to version 4.7.5, there is a Remote Code Execution (RCE) Vulnerability in the management system of baserCMS. Version 4.7.5 contains a patch.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25654","reference_id":"","reference_type":"","scores":[{"value":"0.02083","scoring_system":"epss","scoring_elements":"0.84309","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02083","scoring_system":"epss","scoring_elements":"0.84332","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25654"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://github.com/baserproject/basercms/commit/002886be0998c74c386e04f0b43688a8a45d7a96","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:31:00Z/"}],"url":"https://github.com/baserproject/basercms/commit/002886be0998c74c386e04f0b43688a8a45d7a96"},{"reference_url":"https://github.com/baserproject/basercms/commit/08247f0a633d8e836ce2e5cd2d53aa19901a1359","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:31:00Z/"}],"url":"https://github.com/baserproject/basercms/commit/08247f0a633d8e836ce2e5cd2d53aa19901a1359"},{"reference_url":"https://github.com/baserproject/basercms/commit/60f83054d8131b0ace60716cec7e629b5eb3a8f0","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:31:00Z/"}],"url":"https://github.com/baserproject/basercms/commit/60f83054d8131b0ace60716cec7e629b5eb3a8f0"},{"reference_url":"https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:31:00Z/"}],"url":"https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25654","reference_id":"CVE-2023-25654","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25654"},{"reference_url":"https://github.com/advisories/GHSA-h4cc-fxpp-pgw9","reference_id":"GHSA-h4cc-fxpp-pgw9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-h4cc-fxpp-pgw9"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-h4cc-fxpp-pgw9","reference_id":"GHSA-h4cc-fxpp-pgw9","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:31:00Z/"}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-h4cc-fxpp-pgw9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64369?format=json","purl":"pkg:composer/baserproject/basercms@4.7.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-zxns-tzw3-27fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.7.5"}],"aliases":["CVE-2023-25654","GHSA-h4cc-fxpp-pgw9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j37y-gws9-ake9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46310?format=json","vulnerability_id":"VCID-jby7-s5ez-dqb3","summary":"Cross-Site Request Forgery (CSRF) in baserproject/basercms.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43649","reference_id":"","reference_type":"","scores":[{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.3025","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43649"},{"reference_url":"https://basercms.net/security/JVN_99052047","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:21:18Z/"}],"url":"https://basercms.net/security/JVN_99052047"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://github.com/baserproject/basercms/commit/874c55433fead93e0be9df96fd28740f8047c8b6","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:21:18Z/"}],"url":"https://github.com/baserproject/basercms/commit/874c55433fead93e0be9df96fd28740f8047c8b6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43649","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43649"},{"reference_url":"https://github.com/advisories/GHSA-fw9x-cqjq-7jx5","reference_id":"GHSA-fw9x-cqjq-7jx5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fw9x-cqjq-7jx5"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-fw9x-cqjq-7jx5","reference_id":"GHSA-fw9x-cqjq-7jx5","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:21:18Z/"}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-fw9x-cqjq-7jx5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67525?format=json","purl":"pkg:composer/baserproject/basercms@4.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-uedz-j2vn-cbea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/67580?format=json","purl":"pkg:composer/baserproject/basercms@5.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-sqr4-v889-tff8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.0"}],"aliases":["CVE-2023-43649","GHSA-fw9x-cqjq-7jx5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jby7-s5ez-dqb3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/109461?format=json","vulnerability_id":"VCID-k575-suuf-7bhf","summary":"baserCMS vulnerable to stored Cross-site Scripting\nStored cross-site scripting vulnerability in Permission Settings of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41994","reference_id":"","reference_type":"","scores":[{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34314","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34412","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41994"},{"reference_url":"https://basercms.net/security/JVN_53682526","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:27:38Z/"}],"url":"https://basercms.net/security/JVN_53682526"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://jvn.jp/en/jp/JVN53682526/index.html","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:27:38Z/"}],"url":"https://jvn.jp/en/jp/JVN53682526/index.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41994","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41994"},{"reference_url":"https://github.com/advisories/GHSA-vxwf-79ch-f7f7","reference_id":"GHSA-vxwf-79ch-f7f7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vxwf-79ch-f7f7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/146599?format=json","purl":"pkg:composer/baserproject/basercms@4.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-zsgc-fnen-b7a6"},{"vulnerability":"VCID-zxns-tzw3-27fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.7.2"}],"aliases":["CVE-2022-41994","GHSA-vxwf-79ch-f7f7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k575-suuf-7bhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56066?format=json","vulnerability_id":"VCID-khft-xvrw-g3dr","summary":"baserCMS has a Cross-site Scripting (XSS) Vulnerability in HTTP 400 Bad Request\nXSS vulnerability in HTTP 400 Bad Request to baserCMS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-46995","reference_id":"","reference_type":"","scores":[{"value":"0.0087","scoring_system":"epss","scoring_elements":"0.75582","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-46995"},{"reference_url":"https://basercms.net/security/JVN_00876083","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://basercms.net/security/JVN_00876083"},{"reference_url":"https://basercms.net/security/JVN_06274755","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:23:15Z/"}],"url":"https://basercms.net/security/JVN_06274755"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46995","reference_id":"CVE-2024-46995","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46995"},{"reference_url":"https://github.com/advisories/GHSA-mr7q-fv7j-jcgv","reference_id":"GHSA-mr7q-fv7j-jcgv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mr7q-fv7j-jcgv"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-mr7q-fv7j-jcgv","reference_id":"GHSA-mr7q-fv7j-jcgv","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:23:15Z/"}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-mr7q-fv7j-jcgv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83045?format=json","purl":"pkg:composer/baserproject/basercms@5.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.1.2"}],"aliases":["CVE-2024-46995","GHSA-mr7q-fv7j-jcgv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-khft-xvrw-g3dr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110302?format=json","vulnerability_id":"VCID-kmpp-6j49-pqfz","summary":"baserproject/basercms vulnerable to cross-site scripting (XSS) vulnerability\nThere is a cross-site scripting vulnerability on the management system of baserCMS.\n\nThis is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users.\nIf you are eligible, please update to the new version as soon as possible.\n\n### Target\nbaserCMS 4.7.1 and earlier versions.\n\n### Vulnerability\nExecution of malicious JavaScript code may alter the display of the page or leak cookie information.\n- In Favorite registration (CVE-2022-39325)\n- In Permission Settings (CVE-2022-41994)\n- In User group management (CVE-2022-42486)\n\n### Countermeasures\nUpdate to the latest version of baserCMS\n\n### Credits\n- Shogo Iyota@Mitsui Bussan Secure Directions, Inc.\n- YUYA KOTAKE@CARTA HOLDINGS, INC.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39325","reference_id":"","reference_type":"","scores":[{"value":"0.00687","scoring_system":"epss","scoring_elements":"0.72163","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00687","scoring_system":"epss","scoring_elements":"0.72122","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39325"},{"reference_url":"https://basercms.net/security/JVN_53682526","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:00Z/"}],"url":"https://basercms.net/security/JVN_53682526"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://github.com/baserproject/basercms/commit/b6f8a54e90dee51317eddf517b776fe8b4cd3ef6","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:00Z/"}],"url":"https://github.com/baserproject/basercms/commit/b6f8a54e90dee51317eddf517b776fe8b4cd3ef6"},{"reference_url":"https://github.com/baserproject/basercms/releases/tag/basercms-4.7.2","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/releases/tag/basercms-4.7.2"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-395x-wv32-44v5","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:00Z/"}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-395x-wv32-44v5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-39325","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-39325"},{"reference_url":"https://github.com/advisories/GHSA-395x-wv32-44v5","reference_id":"GHSA-395x-wv32-44v5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-395x-wv32-44v5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/146599?format=json","purl":"pkg:composer/baserproject/basercms@4.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-zsgc-fnen-b7a6"},{"vulnerability":"VCID-zxns-tzw3-27fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.7.2"}],"aliases":["CVE-2022-39325","GHSA-395x-wv32-44v5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kmpp-6j49-pqfz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56058?format=json","vulnerability_id":"VCID-mfm9-gsh3-ubg8","summary":"baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature\nXSS vulnerability in Blog posts feature to baserCMS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-46996","reference_id":"","reference_type":"","scores":[{"value":"0.01236","scoring_system":"epss","scoring_elements":"0.79576","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-46996"},{"reference_url":"https://basercms.net/security/JVN_00876083","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"5.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:22:34Z/"}],"url":"https://basercms.net/security/JVN_00876083"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"5.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46996","reference_id":"CVE-2024-46996","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"5.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46996"},{"reference_url":"https://github.com/advisories/GHSA-66jv-qrm3-vvfg","reference_id":"GHSA-66jv-qrm3-vvfg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-66jv-qrm3-vvfg"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-66jv-qrm3-vvfg","reference_id":"GHSA-66jv-qrm3-vvfg","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"5.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:22:34Z/"}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-66jv-qrm3-vvfg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83045?format=json","purl":"pkg:composer/baserproject/basercms@5.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.1.2"}],"aliases":["CVE-2024-46996","GHSA-66jv-qrm3-vvfg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mfm9-gsh3-ubg8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47109?format=json","vulnerability_id":"VCID-nxrf-64er-xbfx","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nbaserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the content management feature. Version 5.0.9 contains a fix for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26128","reference_id":"","reference_type":"","scores":[{"value":"0.02281","scoring_system":"epss","scoring_elements":"0.85006","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26128"},{"reference_url":"https://basercms.net/security/JVN_73283159","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-12T15:20:28Z/"}],"url":"https://basercms.net/security/JVN_73283159"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-12T15:20:28Z/"}],"url":"https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26128","reference_id":"CVE-2024-26128","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26128"},{"reference_url":"https://github.com/advisories/GHSA-jjxq-m8h3-4vw5","reference_id":"GHSA-jjxq-m8h3-4vw5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jjxq-m8h3-4vw5"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5","reference_id":"GHSA-jjxq-m8h3-4vw5","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-12T15:20:28Z/"}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69105?format=json","purl":"pkg:composer/baserproject/basercms@5.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-sqr4-v889-tff8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.9"}],"aliases":["CVE-2024-26128","GHSA-jjxq-m8h3-4vw5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nxrf-64er-xbfx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56065?format=json","vulnerability_id":"VCID-p695-t9ye-v3ga","summary":"baserCMS has a Cross-site Scripting (XSS) Vulnerability in Edit Email Form Settings Feature\nXSS vulnerability in Edit Email Form Settings Feature to baserCMS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-46998","reference_id":"","reference_type":"","scores":[{"value":"0.01064","scoring_system":"epss","scoring_elements":"0.7805","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-46998"},{"reference_url":"https://basercms.net/security/JVN_00876083","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"5.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://basercms.net/security/JVN_00876083"},{"reference_url":"https://basercms.net/security/JVN_98693329","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"5.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T20:01:19Z/"}],"url":"https://basercms.net/security/JVN_98693329"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"5.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46998","reference_id":"CVE-2024-46998","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"5.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46998"},{"reference_url":"https://github.com/advisories/GHSA-p3m2-mj3j-j49x","reference_id":"GHSA-p3m2-mj3j-j49x","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p3m2-mj3j-j49x"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-p3m2-mj3j-j49x","reference_id":"GHSA-p3m2-mj3j-j49x","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"5.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T20:01:19Z/"}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-p3m2-mj3j-j49x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83045?format=json","purl":"pkg:composer/baserproject/basercms@5.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.1.2"}],"aliases":["CVE-2024-46998","GHSA-p3m2-mj3j-j49x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p695-t9ye-v3ga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52930?format=json","vulnerability_id":"VCID-p6nr-eu91-53b4","summary":"Cross-site Scripting\nbaserCMS is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The affected components are `ThemeFilesController.php` and `UploaderFilesController.php`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15159","reference_id":"","reference_type":"","scores":[{"value":"0.01563","scoring_system":"epss","scoring_elements":"0.8186","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01563","scoring_system":"epss","scoring_elements":"0.81826","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15159"},{"reference_url":"https://basercms.net/security/20200827","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://basercms.net/security/20200827"},{"reference_url":"https://github.com/baserproject/basercms/commit/16a7b3cd09a0ca355474119c76897eac2034a66d","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/commit/16a7b3cd09a0ca355474119c76897eac2034a66d"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-673x-f5wx-fxpw","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-673x-f5wx-fxpw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15159","reference_id":"CVE-2020-15159","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15159"},{"reference_url":"https://github.com/advisories/GHSA-673x-f5wx-fxpw","reference_id":"GHSA-673x-f5wx-fxpw","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-673x-f5wx-fxpw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77910?format=json","purl":"pkg:composer/baserproject/basercms@4.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q79-sxzp-zker"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-eq7f-n3g5-s3hu"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-twf5-bzba-gqb4"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-wvnk-63hy-ykeq"},{"vulnerability":"VCID-xpsb-2yux-g3cf"},{"vulnerability":"VCID-xxud-7jsh-bbc1"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.3.7"}],"aliases":["CVE-2020-15159","GHSA-673x-f5wx-fxpw"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p6nr-eu91-53b4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46312?format=json","vulnerability_id":"VCID-pd8c-9d7z-zkhg","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in baserproject/basercms.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43647","reference_id":"","reference_type":"","scores":[{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.69062","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43647"},{"reference_url":"https://basercms.net/security/JVN_24381990","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T20:12:52Z/"}],"url":"https://basercms.net/security/JVN_24381990"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://github.com/baserproject/basercms/commit/eb5977533d05db4f3bb03bd19630b66052799b2e","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T20:12:52Z/"}],"url":"https://github.com/baserproject/basercms/commit/eb5977533d05db4f3bb03bd19630b66052799b2e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43647","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43647"},{"reference_url":"https://github.com/advisories/GHSA-ggj4-78rm-6xgv","reference_id":"GHSA-ggj4-78rm-6xgv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-ggj4-78rm-6xgv"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-ggj4-78rm-6xgv","reference_id":"GHSA-ggj4-78rm-6xgv","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T20:12:52Z/"}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-ggj4-78rm-6xgv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67525?format=json","purl":"pkg:composer/baserproject/basercms@4.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-uedz-j2vn-cbea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/67580?format=json","purl":"pkg:composer/baserproject/basercms@5.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-sqr4-v889-tff8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.0"}],"aliases":["CVE-2023-43647","GHSA-ggj4-78rm-6xgv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pd8c-9d7z-zkhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56069?format=json","vulnerability_id":"VCID-sqr4-v889-tff8","summary":"baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts and Contents list Feature\nXSS vulnerability in Blog posts and Contents list Feature to baserCMS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-46994","reference_id":"","reference_type":"","scores":[{"value":"0.01179","scoring_system":"epss","scoring_elements":"0.79112","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-46994"},{"reference_url":"https://basercms.net/security/JVN_00876083","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:23:44Z/"}],"url":"https://basercms.net/security/JVN_00876083"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46994","reference_id":"CVE-2024-46994","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46994"},{"reference_url":"https://github.com/advisories/GHSA-wrjc-fmfq-w3jr","reference_id":"GHSA-wrjc-fmfq-w3jr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wrjc-fmfq-w3jr"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-wrjc-fmfq-w3jr","reference_id":"GHSA-wrjc-fmfq-w3jr","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:23:44Z/"}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-wrjc-fmfq-w3jr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83045?format=json","purl":"pkg:composer/baserproject/basercms@5.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.1.2"}],"aliases":["CVE-2024-46994","GHSA-wrjc-fmfq-w3jr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sqr4-v889-tff8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53745?format=json","vulnerability_id":"VCID-twf5-bzba-gqb4","summary":"Cross-site Scripting\nbaserCMS is vulnerable to Cross-Site Scripting. The issue affects the following components; Edit feed settings, Edit widget area, Sub site new registration, and New category registration. Arbitrary JavaScript may be executed by entering specific characters in the account that can access the file upload function category list, sub-site setting list, widget area edit, and feed list on the management screen.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15273","reference_id":"","reference_type":"","scores":[{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61981","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61932","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15273"},{"reference_url":"https://github.com/baserproject/basercms/commit/b70474ef9dcee6ad8826360884625dc7ca9041a1","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/commit/b70474ef9dcee6ad8826360884625dc7ca9041a1"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-wpww-4jf4-4hx8","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-wpww-4jf4-4hx8"},{"reference_url":"https://packagist.org/packages/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://packagist.org/packages/baserproject/basercms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15273","reference_id":"CVE-2020-15273","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15273"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79034?format=json","purl":"pkg:composer/baserproject/basercms@4.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q79-sxzp-zker"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-eq7f-n3g5-s3hu"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-xpsb-2yux-g3cf"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.4.1"}],"aliases":["CVE-2020-15273","GHSA-wpww-4jf4-4hx8"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-twf5-bzba-gqb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46308?format=json","vulnerability_id":"VCID-u16w-rbuk-ybfs","summary":"baserCMS Directory Traversal vulnerability in Form submission data management Feature\nThere is a Directory Traversal Vulnerability in Form submission data management Feature to baserCMS.\n\nThis is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users.\nIf you are eligible, please update to the new version as soon as possible.\n\n### Target\nbaserCMS 4.7.8 and earlier versions\n\n### Vulnerability\nThere is a possibility that information on the server may be obtained by a user who is logged in to the management screen.\n\n### Countermeasures\nUpdate to the latest version of baserCMS\n\nPlease refer to the following page to reference for more information.\nhttps://basercms.net/security/JVN_45547161\n\n### Credits\nShiga Takuma@BroadBand Security, Inc","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43648","reference_id":"","reference_type":"","scores":[{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52624","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43648"},{"reference_url":"https://basercms.net/security/JVN_81174674","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:22:00Z/"}],"url":"https://basercms.net/security/JVN_81174674"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:22:00Z/"}],"url":"https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43648","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43648"},{"reference_url":"https://github.com/advisories/GHSA-hmqj-gv2m-hq55","reference_id":"GHSA-hmqj-gv2m-hq55","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hmqj-gv2m-hq55"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55","reference_id":"GHSA-hmqj-gv2m-hq55","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:22:00Z/"}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67525?format=json","purl":"pkg:composer/baserproject/basercms@4.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-uedz-j2vn-cbea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/67580?format=json","purl":"pkg:composer/baserproject/basercms@5.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-sqr4-v889-tff8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.0"}],"aliases":["CVE-2023-43648","GHSA-hmqj-gv2m-hq55"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u16w-rbuk-ybfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47096?format=json","vulnerability_id":"VCID-uedz-j2vn-cbea","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nbaserCMS is a website development framework. Prior to version 5.0.9, there is an OS Command Injection vulnerability in the site search feature of baserCMS. Version 5.0.9 contains a fix for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-51450","reference_id":"","reference_type":"","scores":[{"value":"0.00755","scoring_system":"epss","scoring_elements":"0.73646","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-51450"},{"reference_url":"https://basercms.net/security/JVN_09767360","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:32:12Z/"}],"url":"https://basercms.net/security/JVN_09767360"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:32:12Z/"}],"url":"https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-51450","reference_id":"CVE-2023-51450","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-51450"},{"reference_url":"https://github.com/advisories/GHSA-77fc-4cv5-hmfr","reference_id":"GHSA-77fc-4cv5-hmfr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-77fc-4cv5-hmfr"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr","reference_id":"GHSA-77fc-4cv5-hmfr","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:32:12Z/"}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69105?format=json","purl":"pkg:composer/baserproject/basercms@5.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-sqr4-v889-tff8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@5.0.9"}],"aliases":["CVE-2023-51450","GHSA-77fc-4cv5-hmfr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uedz-j2vn-cbea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52932?format=json","vulnerability_id":"VCID-vqx2-hzju-r7et","summary":"Cross-site Scripting\nbaserCMS is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components is `toolbar.php`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15155","reference_id":"","reference_type":"","scores":[{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75527","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75555","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15155"},{"reference_url":"https://basercms.net/security/20200827","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://basercms.net/security/20200827"},{"reference_url":"https://github.com/baserproject/basercms/commit/94cbfab74c9fd6d04492597a1a684674c3c0e30f","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/commit/94cbfab74c9fd6d04492597a1a684674c3c0e30f"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-4r3m-j6x5-48m3","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-4r3m-j6x5-48m3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15155","reference_id":"CVE-2020-15155","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15155"},{"reference_url":"https://github.com/advisories/GHSA-4r3m-j6x5-48m3","reference_id":"GHSA-4r3m-j6x5-48m3","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4r3m-j6x5-48m3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77910?format=json","purl":"pkg:composer/baserproject/basercms@4.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q79-sxzp-zker"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-eq7f-n3g5-s3hu"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-twf5-bzba-gqb4"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-wvnk-63hy-ykeq"},{"vulnerability":"VCID-xpsb-2yux-g3cf"},{"vulnerability":"VCID-xxud-7jsh-bbc1"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.3.7"}],"aliases":["CVE-2020-15155","GHSA-4r3m-j6x5-48m3"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vqx2-hzju-r7et"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53748?format=json","vulnerability_id":"VCID-wvnk-63hy-ykeq","summary":"Cross-site Scripting\nbaserCMS is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a specially crafted nickname in the blog comments. The issue affects the blog comment component.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15276","reference_id":"","reference_type":"","scores":[{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69606","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69646","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15276"},{"reference_url":"https://basercms.net/security/20201029","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://basercms.net/security/20201029"},{"reference_url":"https://github.com/baserproject/basercms/commit/d14f506385f21d67d5ff3462f204d4c2321b7c54","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/commit/d14f506385f21d67d5ff3462f204d4c2321b7c54"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-fw5q-j9p4-3vxg","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-fw5q-j9p4-3vxg"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15276","reference_id":"CVE-2020-15276","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15276"},{"reference_url":"https://github.com/advisories/GHSA-fw5q-j9p4-3vxg","reference_id":"GHSA-fw5q-j9p4-3vxg","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fw5q-j9p4-3vxg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79034?format=json","purl":"pkg:composer/baserproject/basercms@4.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q79-sxzp-zker"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-eq7f-n3g5-s3hu"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-xpsb-2yux-g3cf"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.4.1"}],"aliases":["CVE-2020-15276","GHSA-fw5q-j9p4-3vxg"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"6.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wvnk-63hy-ykeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54254?format=json","vulnerability_id":"VCID-xpsb-2yux-g3cf","summary":"Cross-site Scripting\nImproper neutralization of JavaScript input in the blog article editing function of baserCMS allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20683","reference_id":"","reference_type":"","scores":[{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42402","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42327","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20683"},{"reference_url":"https://basercms.net/security/JVN64869876","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://basercms.net/security/JVN64869876"},{"reference_url":"https://github.com/baserproject/basercms/commit/88ccc61e5656b05dd13204d61de706efaa2cd0b1","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/commit/88ccc61e5656b05dd13204d61de706efaa2cd0b1"},{"reference_url":"https://jvn.jp/en/jp/JVN64869876/index.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jvn.jp/en/jp/JVN64869876/index.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20683","reference_id":"CVE-2021-20683","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20683"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/80118?format=json","purl":"pkg:composer/baserproject/basercms@4.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.4.5"}],"aliases":["CVE-2021-20683","GHSA-v9w8-hq92-v39m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xpsb-2yux-g3cf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53746?format=json","vulnerability_id":"VCID-xxud-7jsh-bbc1","summary":"Unrestricted Upload of File with Dangerous Type\nbaserCMS Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The `Edit template` component was found to be vulnerable.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15277","reference_id":"","reference_type":"","scores":[{"value":"0.03225","scoring_system":"epss","scoring_elements":"0.87299","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03225","scoring_system":"epss","scoring_elements":"0.87321","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15277"},{"reference_url":"https://basercms.net/security/20201029","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://basercms.net/security/20201029"},{"reference_url":"https://github.com/baserproject/basercms/commit/bb027c3967b0430adcff2d2fedbc23d39077563b","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/commit/bb027c3967b0430adcff2d2fedbc23d39077563b"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-6fmv-q269-55cw","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-6fmv-q269-55cw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15277","reference_id":"CVE-2020-15277","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15277"},{"reference_url":"https://github.com/advisories/GHSA-6fmv-q269-55cw","reference_id":"GHSA-6fmv-q269-55cw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6fmv-q269-55cw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79034?format=json","purl":"pkg:composer/baserproject/basercms@4.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q79-sxzp-zker"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-eq7f-n3g5-s3hu"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-xpsb-2yux-g3cf"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.4.1"}],"aliases":["CVE-2020-15277","GHSA-6fmv-q269-55cw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xxud-7jsh-bbc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44709?format=json","vulnerability_id":"VCID-zsgc-fnen-b7a6","summary":"Unrestricted Upload of File with Dangerous Type\nbaserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the management system of baserCMS. Version 4.7.5 contains a patch.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25655","reference_id":"","reference_type":"","scores":[{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68669","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.6871","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25655"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://github.com/baserproject/basercms/commit/922025a98b0e697ab78f6a785a004e0729aa9100","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:30:57Z/"}],"url":"https://github.com/baserproject/basercms/commit/922025a98b0e697ab78f6a785a004e0729aa9100"},{"reference_url":"https://github.com/baserproject/basercms/commit/9297629983ed908c7f51bf61a0231dde91404ebd","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:30:57Z/"}],"url":"https://github.com/baserproject/basercms/commit/9297629983ed908c7f51bf61a0231dde91404ebd"},{"reference_url":"https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:30:57Z/"}],"url":"https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25655","reference_id":"CVE-2023-25655","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25655"},{"reference_url":"https://github.com/advisories/GHSA-mfvg-qwcw-qvc8","reference_id":"GHSA-mfvg-qwcw-qvc8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mfvg-qwcw-qvc8"},{"reference_url":"https://github.com/baserproject/basercms/security/advisories/GHSA-mfvg-qwcw-qvc8","reference_id":"GHSA-mfvg-qwcw-qvc8","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:30:57Z/"}],"url":"https://github.com/baserproject/basercms/security/advisories/GHSA-mfvg-qwcw-qvc8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64369?format=json","purl":"pkg:composer/baserproject/basercms@4.7.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-zxns-tzw3-27fr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.7.5"}],"aliases":["CVE-2023-25655","GHSA-mfvg-qwcw-qvc8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zsgc-fnen-b7a6"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40021?format=json","vulnerability_id":"VCID-2u6y-aj6t-7fb1","summary":"Improper Privilege Management\nbaserCMS allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors.","references":[{"reference_url":"http://jvn.jp/en/jp/JVN67881316/index.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN67881316/index.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0573","reference_id":"","reference_type":"","scores":[{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38572","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38483","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0573"},{"reference_url":"https://basercms.net/security/JVN67881316","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://basercms.net/security/JVN67881316"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-0573","reference_id":"CVE-2018-0573","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-0573"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/150431?format=json","purl":"pkg:composer/baserproject/basercms@3.0.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q79-sxzp-zker"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-9mf7-56fh-fyfk"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-d5gk-q2hh-kba5"},{"vulnerability":"VCID-eq7f-n3g5-s3hu"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-gsg3-fdmu-vqag"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-p6nr-eu91-53b4"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-vqx2-hzju-r7et"},{"vulnerability":"VCID-xpsb-2yux-g3cf"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@3.0.16"},{"url":"http://public2.vulnerablecode.io/api/packages/55952?format=json","purl":"pkg:composer/baserproject/basercms@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q79-sxzp-zker"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-9mf7-56fh-fyfk"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-d5gk-q2hh-kba5"},{"vulnerability":"VCID-eq7f-n3g5-s3hu"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-gsg3-fdmu-vqag"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-p6nr-eu91-53b4"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-twf5-bzba-gqb4"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-vqx2-hzju-r7et"},{"vulnerability":"VCID-wvnk-63hy-ykeq"},{"vulnerability":"VCID-xpsb-2yux-g3cf"},{"vulnerability":"VCID-xxud-7jsh-bbc1"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.1.1"}],"aliases":["CVE-2018-0573","GHSA-33fq-qm4m-cjw3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2u6y-aj6t-7fb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40020?format=json","vulnerability_id":"VCID-6trr-5deb-yydm","summary":"Unrestricted Upload of File with Dangerous Type\nbaserCMS allows remote attackers with a site operator privilege to upload arbitrary files.","references":[{"reference_url":"http://jvn.jp/en/jp/JVN67881316/index.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN67881316/index.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0571","reference_id":"","reference_type":"","scores":[{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37611","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37518","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0571"},{"reference_url":"https://basercms.net/security/JVN67881316","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://basercms.net/security/JVN67881316"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-0571","reference_id":"CVE-2018-0571","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-0571"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/150431?format=json","purl":"pkg:composer/baserproject/basercms@3.0.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q79-sxzp-zker"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-9mf7-56fh-fyfk"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-d5gk-q2hh-kba5"},{"vulnerability":"VCID-eq7f-n3g5-s3hu"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-gsg3-fdmu-vqag"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-p6nr-eu91-53b4"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-vqx2-hzju-r7et"},{"vulnerability":"VCID-xpsb-2yux-g3cf"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@3.0.16"},{"url":"http://public2.vulnerablecode.io/api/packages/55952?format=json","purl":"pkg:composer/baserproject/basercms@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q79-sxzp-zker"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-9mf7-56fh-fyfk"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-d5gk-q2hh-kba5"},{"vulnerability":"VCID-eq7f-n3g5-s3hu"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-gsg3-fdmu-vqag"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-p6nr-eu91-53b4"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-twf5-bzba-gqb4"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-vqx2-hzju-r7et"},{"vulnerability":"VCID-wvnk-63hy-ykeq"},{"vulnerability":"VCID-xpsb-2yux-g3cf"},{"vulnerability":"VCID-xxud-7jsh-bbc1"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.1.1"}],"aliases":["CVE-2018-0571","GHSA-3mcp-6rv6-c69g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6trr-5deb-yydm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40011?format=json","vulnerability_id":"VCID-e4xa-jm9u-nked","summary":"OS Command Injection\nbaserCMS allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors.","references":[{"reference_url":"http://jvn.jp/en/jp/JVN67881316/index.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN67881316/index.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0569","reference_id":"","reference_type":"","scores":[{"value":"0.01","scoring_system":"epss","scoring_elements":"0.77368","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01","scoring_system":"epss","scoring_elements":"0.77339","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0569"},{"reference_url":"https://basercms.net/security/JVN67881316","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://basercms.net/security/JVN67881316"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-0569","reference_id":"CVE-2018-0569","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-0569"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/150431?format=json","purl":"pkg:composer/baserproject/basercms@3.0.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q79-sxzp-zker"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-9mf7-56fh-fyfk"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-d5gk-q2hh-kba5"},{"vulnerability":"VCID-eq7f-n3g5-s3hu"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-gsg3-fdmu-vqag"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-p6nr-eu91-53b4"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-vqx2-hzju-r7et"},{"vulnerability":"VCID-xpsb-2yux-g3cf"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@3.0.16"},{"url":"http://public2.vulnerablecode.io/api/packages/55952?format=json","purl":"pkg:composer/baserproject/basercms@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q79-sxzp-zker"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-9mf7-56fh-fyfk"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-d5gk-q2hh-kba5"},{"vulnerability":"VCID-eq7f-n3g5-s3hu"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-gsg3-fdmu-vqag"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-p6nr-eu91-53b4"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-twf5-bzba-gqb4"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-vqx2-hzju-r7et"},{"vulnerability":"VCID-wvnk-63hy-ykeq"},{"vulnerability":"VCID-xpsb-2yux-g3cf"},{"vulnerability":"VCID-xxud-7jsh-bbc1"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.1.1"}],"aliases":["CVE-2018-0569","GHSA-6j3p-vrph-j7qq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e4xa-jm9u-nked"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40008?format=json","vulnerability_id":"VCID-ga9u-uv9b-tydr","summary":"Cross-site Scripting\nCross-site scripting vulnerability in baserCMS allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.","references":[{"reference_url":"http://jvn.jp/en/jp/JVN67881316/index.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN67881316/index.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0570","reference_id":"","reference_type":"","scores":[{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.4131","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41234","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0570"},{"reference_url":"https://basercms.net/security/JVN67881316","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://basercms.net/security/JVN67881316"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-0570","reference_id":"CVE-2018-0570","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-0570"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/150431?format=json","purl":"pkg:composer/baserproject/basercms@3.0.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q79-sxzp-zker"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-9mf7-56fh-fyfk"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-d5gk-q2hh-kba5"},{"vulnerability":"VCID-eq7f-n3g5-s3hu"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-gsg3-fdmu-vqag"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-p6nr-eu91-53b4"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-vqx2-hzju-r7et"},{"vulnerability":"VCID-xpsb-2yux-g3cf"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@3.0.16"},{"url":"http://public2.vulnerablecode.io/api/packages/55952?format=json","purl":"pkg:composer/baserproject/basercms@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q79-sxzp-zker"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-9mf7-56fh-fyfk"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-d5gk-q2hh-kba5"},{"vulnerability":"VCID-eq7f-n3g5-s3hu"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-gsg3-fdmu-vqag"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-p6nr-eu91-53b4"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-twf5-bzba-gqb4"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-vqx2-hzju-r7et"},{"vulnerability":"VCID-wvnk-63hy-ykeq"},{"vulnerability":"VCID-xpsb-2yux-g3cf"},{"vulnerability":"VCID-xxud-7jsh-bbc1"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.1.1"}],"aliases":["CVE-2018-0570","GHSA-994g-74gq-5qpr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ga9u-uv9b-tydr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40015?format=json","vulnerability_id":"VCID-r4jc-22rq-d3cb","summary":"Information Exposure\nbaserCMS allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors.","references":[{"reference_url":"http://jvn.jp/en/jp/JVN67881316/index.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN67881316/index.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0575","reference_id":"","reference_type":"","scores":[{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37823","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37914","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0575"},{"reference_url":"https://basercms.net/security/JVN67881316","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://basercms.net/security/JVN67881316"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-0575","reference_id":"CVE-2018-0575","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-0575"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/150431?format=json","purl":"pkg:composer/baserproject/basercms@3.0.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q79-sxzp-zker"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-9mf7-56fh-fyfk"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-d5gk-q2hh-kba5"},{"vulnerability":"VCID-eq7f-n3g5-s3hu"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-gsg3-fdmu-vqag"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-p6nr-eu91-53b4"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-vqx2-hzju-r7et"},{"vulnerability":"VCID-xpsb-2yux-g3cf"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@3.0.16"},{"url":"http://public2.vulnerablecode.io/api/packages/55952?format=json","purl":"pkg:composer/baserproject/basercms@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q79-sxzp-zker"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-9mf7-56fh-fyfk"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-d5gk-q2hh-kba5"},{"vulnerability":"VCID-eq7f-n3g5-s3hu"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-gsg3-fdmu-vqag"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-p6nr-eu91-53b4"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-twf5-bzba-gqb4"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-vqx2-hzju-r7et"},{"vulnerability":"VCID-wvnk-63hy-ykeq"},{"vulnerability":"VCID-xpsb-2yux-g3cf"},{"vulnerability":"VCID-xxud-7jsh-bbc1"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.1.1"}],"aliases":["CVE-2018-0575","GHSA-w935-p7mg-xc96"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r4jc-22rq-d3cb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40004?format=json","vulnerability_id":"VCID-yesf-qxgy-3ygx","summary":"Improper Access Control\nbaserCMS allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors.","references":[{"reference_url":"http://jvn.jp/en/jp/JVN67881316/index.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN67881316/index.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0572","reference_id":"","reference_type":"","scores":[{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41135","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.4106","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0572"},{"reference_url":"https://basercms.net/security/JVN67881316","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://basercms.net/security/JVN67881316"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-0572","reference_id":"CVE-2018-0572","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-0572"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/150431?format=json","purl":"pkg:composer/baserproject/basercms@3.0.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q79-sxzp-zker"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-9mf7-56fh-fyfk"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-d5gk-q2hh-kba5"},{"vulnerability":"VCID-eq7f-n3g5-s3hu"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-gsg3-fdmu-vqag"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-p6nr-eu91-53b4"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-vqx2-hzju-r7et"},{"vulnerability":"VCID-xpsb-2yux-g3cf"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@3.0.16"},{"url":"http://public2.vulnerablecode.io/api/packages/55952?format=json","purl":"pkg:composer/baserproject/basercms@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q79-sxzp-zker"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-9mf7-56fh-fyfk"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-d5gk-q2hh-kba5"},{"vulnerability":"VCID-eq7f-n3g5-s3hu"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-gsg3-fdmu-vqag"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-p6nr-eu91-53b4"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-twf5-bzba-gqb4"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-vqx2-hzju-r7et"},{"vulnerability":"VCID-wvnk-63hy-ykeq"},{"vulnerability":"VCID-xpsb-2yux-g3cf"},{"vulnerability":"VCID-xxud-7jsh-bbc1"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.1.1"}],"aliases":["CVE-2018-0572","GHSA-mjj9-33j8-pfwh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yesf-qxgy-3ygx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40018?format=json","vulnerability_id":"VCID-zy68-bur9-1fck","summary":"Cross-site Scripting\nCross-site scripting vulnerability in baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","references":[{"reference_url":"http://jvn.jp/en/jp/JVN67881316/index.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN67881316/index.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0574","reference_id":"","reference_type":"","scores":[{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49663","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49601","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0574"},{"reference_url":"https://basercms.net/security/JVN67881316","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://basercms.net/security/JVN67881316"},{"reference_url":"https://github.com/baserproject/basercms","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/baserproject/basercms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-0574","reference_id":"CVE-2018-0574","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-0574"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/150431?format=json","purl":"pkg:composer/baserproject/basercms@3.0.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q79-sxzp-zker"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-9mf7-56fh-fyfk"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-d5gk-q2hh-kba5"},{"vulnerability":"VCID-eq7f-n3g5-s3hu"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-gsg3-fdmu-vqag"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-p6nr-eu91-53b4"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-vqx2-hzju-r7et"},{"vulnerability":"VCID-xpsb-2yux-g3cf"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@3.0.16"},{"url":"http://public2.vulnerablecode.io/api/packages/55952?format=json","purl":"pkg:composer/baserproject/basercms@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q79-sxzp-zker"},{"vulnerability":"VCID-5ay3-1t5g-vycu"},{"vulnerability":"VCID-891u-x525-ykbb"},{"vulnerability":"VCID-9mf7-56fh-fyfk"},{"vulnerability":"VCID-ays7-6wvh-augt"},{"vulnerability":"VCID-d5gk-q2hh-kba5"},{"vulnerability":"VCID-eq7f-n3g5-s3hu"},{"vulnerability":"VCID-g56w-z9cx-5ygv"},{"vulnerability":"VCID-ggv8-3v9t-mfea"},{"vulnerability":"VCID-gsg3-fdmu-vqag"},{"vulnerability":"VCID-hpk4-a6tr-3ffe"},{"vulnerability":"VCID-j37y-gws9-ake9"},{"vulnerability":"VCID-jby7-s5ez-dqb3"},{"vulnerability":"VCID-k575-suuf-7bhf"},{"vulnerability":"VCID-khft-xvrw-g3dr"},{"vulnerability":"VCID-kmpp-6j49-pqfz"},{"vulnerability":"VCID-mfm9-gsh3-ubg8"},{"vulnerability":"VCID-nxrf-64er-xbfx"},{"vulnerability":"VCID-p695-t9ye-v3ga"},{"vulnerability":"VCID-p6nr-eu91-53b4"},{"vulnerability":"VCID-pd8c-9d7z-zkhg"},{"vulnerability":"VCID-sqr4-v889-tff8"},{"vulnerability":"VCID-twf5-bzba-gqb4"},{"vulnerability":"VCID-u16w-rbuk-ybfs"},{"vulnerability":"VCID-uedz-j2vn-cbea"},{"vulnerability":"VCID-vqx2-hzju-r7et"},{"vulnerability":"VCID-wvnk-63hy-ykeq"},{"vulnerability":"VCID-xpsb-2yux-g3cf"},{"vulnerability":"VCID-xxud-7jsh-bbc1"},{"vulnerability":"VCID-zsgc-fnen-b7a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.1.1"}],"aliases":["CVE-2018-0574","GHSA-6qjv-43mf-rgrh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zy68-bur9-1fck"}],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/baserproject/basercms@4.1.1"}