Vulnerability details: VCID-kmpp-6j49-pqfz
Vulnerability ID VCID-kmpp-6j49-pqfz
Aliases CVE-2022-39325
GHSA-395x-wv32-44v5
Summary baserproject/basercms vulnerable to cross-site scripting (XSS) vulnerability

There is a cross-site scripting vulnerability on the management system of baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible.

### Target
baserCMS 4.7.1 and earlier versions.

### Vulnerability
Execution of malicious JavaScript code may alter the display of the page or leak cookie information.
- In Favorite registration (CVE-2022-39325)
- In Permission Settings (CVE-2022-41994)
- In User group management (CVE-2022-42486)

### Countermeasures
Update to the latest version of baserCMS

### Credits
- Shogo Iyota@Mitsui Bussan Secure Directions, Inc.
- YUYA KOTAKE@CARTA HOLDINGS, INC.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
System Score Found at
epss 0.00687 https://api.first.org/data/v1/epss?cve=CVE-2022-39325
cvssv3.1 4.6 https://basercms.net/security/JVN_53682526
generic_textual MODERATE https://basercms.net/security/JVN_53682526
ssvc Track https://basercms.net/security/JVN_53682526
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-395x-wv32-44v5
cvssv3.1 4.6 https://github.com/baserproject/basercms
generic_textual MODERATE https://github.com/baserproject/basercms
cvssv3.1 4.6 https://github.com/baserproject/basercms/commit/b6f8a54e90dee51317eddf517b776fe8b4cd3ef6
generic_textual MODERATE https://github.com/baserproject/basercms/commit/b6f8a54e90dee51317eddf517b776fe8b4cd3ef6
ssvc Track https://github.com/baserproject/basercms/commit/b6f8a54e90dee51317eddf517b776fe8b4cd3ef6
cvssv3.1 4.6 https://github.com/baserproject/basercms/releases/tag/basercms-4.7.2
generic_textual MODERATE https://github.com/baserproject/basercms/releases/tag/basercms-4.7.2
cvssv3.1 4.6 https://github.com/baserproject/basercms/security/advisories/GHSA-395x-wv32-44v5
cvssv3.1_qr MODERATE https://github.com/baserproject/basercms/security/advisories/GHSA-395x-wv32-44v5
generic_textual MODERATE https://github.com/baserproject/basercms/security/advisories/GHSA-395x-wv32-44v5
ssvc Track https://github.com/baserproject/basercms/security/advisories/GHSA-395x-wv32-44v5
cvssv3.1 4.6 https://nvd.nist.gov/vuln/detail/CVE-2022-39325
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2022-39325
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Found at https://basercms.net/security/JVN_53682526
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:00Z/ Found at https://basercms.net/security/JVN_53682526
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Found at https://github.com/baserproject/basercms
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Found at https://github.com/baserproject/basercms/commit/b6f8a54e90dee51317eddf517b776fe8b4cd3ef6
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:00Z/ Found at https://github.com/baserproject/basercms/commit/b6f8a54e90dee51317eddf517b776fe8b4cd3ef6
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Found at https://github.com/baserproject/basercms/releases/tag/basercms-4.7.2
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Found at https://github.com/baserproject/basercms/security/advisories/GHSA-395x-wv32-44v5
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:54:00Z/ Found at https://github.com/baserproject/basercms/security/advisories/GHSA-395x-wv32-44v5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-39325
Exploit Prediction Scoring System (EPSS)
Percentile 0.72122
EPSS Score 0.00687
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T17:53:00.220704+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-395x-wv32-44v5/GHSA-395x-wv32-44v5.json 38.6.0