Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-nxrf-64er-xbfx
Vulnerability ID VCID-nxrf-64er-xbfx
Aliases CVE-2024-26128
GHSA-jjxq-m8h3-4vw5
Summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the content management feature. Version 5.0.9 contains a fix for this vulnerability.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.02281 https://api.first.org/data/v1/epss?cve=CVE-2024-26128
cvssv3.1 5.4 https://basercms.net/security/JVN_73283159
generic_textual MODERATE https://basercms.net/security/JVN_73283159
ssvc Track https://basercms.net/security/JVN_73283159
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-jjxq-m8h3-4vw5
cvssv3.1 5.4 https://github.com/baserproject/basercms
generic_textual MODERATE https://github.com/baserproject/basercms
cvssv3.1 5.4 https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c
generic_textual MODERATE https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c
ssvc Track https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c
cvssv3.1 5.4 https://github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5
cvssv3.1_qr MODERATE https://github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5
generic_textual MODERATE https://github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5
ssvc Track https://github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5
cvssv3.1 5.4 https://nvd.nist.gov/vuln/detail/CVE-2024-26128
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2024-26128
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-26128
https://basercms.net/security/JVN_73283159
https://github.com/baserproject/basercms
https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c
CVE-2024-26128 https://nvd.nist.gov/vuln/detail/CVE-2024-26128
GHSA-jjxq-m8h3-4vw5 https://github.com/advisories/GHSA-jjxq-m8h3-4vw5
GHSA-jjxq-m8h3-4vw5 https://github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://basercms.net/security/JVN_73283159
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-12T15:20:28Z/ Found at https://basercms.net/security/JVN_73283159
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/baserproject/basercms
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-12T15:20:28Z/ Found at https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-12T15:20:28Z/ Found at https://github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-26128
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.85006
EPSS Score 0.02281
Published At June 5, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-02T04:47:12.403730+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/baserproject/basercms/CVE-2024-26128.yml 38.6.0