Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
68 vulnerabilities by basercms
CVE-2026-32734 (GCVE-0-2026-32734)
Vulnerability from cvelistv5 – Published: 2026-03-31 00:46 – Updated: 2026-03-31 18:53
VLAI?
Title
baserCMS: Multiple vulnerabilities in baserCMS
Summary
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has DOM-based cross-site scripting in tag creation. This issue has been patched in version 5.2.3.
Severity ?
7.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserproject | basercms |
Affected:
< 5.2.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32734",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T18:50:30.372289Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T18:53:24.730Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 5.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has DOM-based cross-site scripting in tag creation. This issue has been patched in version 5.2.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T00:46:43.317Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-677c-xv24-crgx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-677c-xv24-crgx"
},
{
"name": "https://basercms.net/security/JVN_20837860",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_20837860"
},
{
"name": "https://github.com/baserproject/basercms/releases/tag/5.2.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/releases/tag/5.2.3"
}
],
"source": {
"advisory": "GHSA-677c-xv24-crgx",
"discovery": "UNKNOWN"
},
"title": "baserCMS: Multiple vulnerabilities in baserCMS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-32734",
"datePublished": "2026-03-31T00:46:43.317Z",
"dateReserved": "2026-03-13T15:02:00.627Z",
"dateUpdated": "2026-03-31T18:53:24.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-30879 (GCVE-0-2026-30879)
Vulnerability from cvelistv5 – Published: 2026-03-31 00:45 – Updated: 2026-03-31 14:00
VLAI?
Title
baserCMS: Cross-site scripting vulnerability in blog post
Summary
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a cross-site scripting vulnerability in blog posts. This issue has been patched in version 5.2.3.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserproject | basercms |
Affected:
< 5.2.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-30879",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T14:00:24.698385Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T14:00:32.272Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 5.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a cross-site scripting vulnerability in blog posts. This issue has been patched in version 5.2.3."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T00:45:50.416Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-jmq3-x8q7-j9qm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-jmq3-x8q7-j9qm"
},
{
"name": "https://basercms.net/security/JVN_20837860",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_20837860"
},
{
"name": "https://github.com/baserproject/basercms/releases/tag/5.2.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/releases/tag/5.2.3"
}
],
"source": {
"advisory": "GHSA-jmq3-x8q7-j9qm",
"discovery": "UNKNOWN"
},
"title": "baserCMS: Cross-site scripting vulnerability in blog post"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-30879",
"datePublished": "2026-03-31T00:45:50.416Z",
"dateReserved": "2026-03-06T00:04:56.699Z",
"dateUpdated": "2026-03-31T14:00:32.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-30940 (GCVE-0-2026-30940)
Vulnerability from cvelistv5 – Published: 2026-03-31 00:45 – Updated: 2026-04-02 14:46
VLAI?
Title
baserCMS: Path Traversal in Theme File API Leads to Arbitrary File Write and RCE
Summary
baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API (/baser/api/admin/bc-theme-file/theme_files/add.json) that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path parameter to create a PHP file in an arbitrary directory outside the theme directory, which may result in remote code execution (RCE). This issue has been patched in version 5.2.3.
Severity ?
7.2 (High)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserproject | basercms |
Affected:
< 5.2.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-30940",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T14:46:24.039682Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T14:46:54.107Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 5.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API (/baser/api/admin/bc-theme-file/theme_files/add.json) that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path parameter to create a PHP file in an arbitrary directory outside the theme directory, which may result in remote code execution (RCE). This issue has been patched in version 5.2.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73: External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T00:45:35.177Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-c5c6-37vq-pjcq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-c5c6-37vq-pjcq"
},
{
"name": "https://basercms.net/security/JVN_20837860",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_20837860"
},
{
"name": "https://github.com/baserproject/basercms/releases/tag/5.2.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/releases/tag/5.2.3"
}
],
"source": {
"advisory": "GHSA-c5c6-37vq-pjcq",
"discovery": "UNKNOWN"
},
"title": "baserCMS: Path Traversal in Theme File API Leads to Arbitrary File Write and RCE"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-30940",
"datePublished": "2026-03-31T00:45:35.177Z",
"dateReserved": "2026-03-07T17:34:39.978Z",
"dateUpdated": "2026-04-02T14:46:54.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-30878 (GCVE-0-2026-30878)
Vulnerability from cvelistv5 – Published: 2026-03-31 00:45 – Updated: 2026-03-31 19:09
VLAI?
Title
baserCMS: Mail Form Acceptance Bypass via Public API
Summary
baserCMS is a website development framework. Prior to version 5.2.3, a public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form intake and enables spam or abuse via the API. This issue has been patched in version 5.2.3.
Severity ?
5.3 (Medium)
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserproject | basercms |
Affected:
< 5.2.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-30878",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T18:39:51.414757Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T19:09:18.507Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-8cr7-r8qw-gp3c"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 5.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Prior to version 5.2.3, a public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form intake and enables spam or abuse via the API. This issue has been patched in version 5.2.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T00:45:21.294Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-8cr7-r8qw-gp3c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-8cr7-r8qw-gp3c"
},
{
"name": "https://basercms.net/security/JVN_20837860",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_20837860"
},
{
"name": "https://github.com/baserproject/basercms/releases/tag/5.2.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/releases/tag/5.2.3"
}
],
"source": {
"advisory": "GHSA-8cr7-r8qw-gp3c",
"discovery": "UNKNOWN"
},
"title": "baserCMS: Mail Form Acceptance Bypass via Public API"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-30878",
"datePublished": "2026-03-31T00:45:21.294Z",
"dateReserved": "2026-03-06T00:04:56.699Z",
"dateUpdated": "2026-03-31T19:09:18.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-30877 (GCVE-0-2026-30877)
Vulnerability from cvelistv5 – Published: 2026-03-31 00:45 – Updated: 2026-04-02 14:43
VLAI?
Title
baserCMS: OS Command Injection in the baserCMS Update Functionality
Summary
baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges of the user account running baserCMS. This issue has been patched in version 5.2.3.
Severity ?
9.1 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserproject | basercms |
Affected:
< 5.2.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-30877",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T14:43:30.917593Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T14:43:52.296Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 5.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges of the user account running baserCMS. This issue has been patched in version 5.2.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T00:45:09.718Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-m9g7-rgfc-jcm7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-m9g7-rgfc-jcm7"
},
{
"name": "https://basercms.net/security/JVN_20837860",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_20837860"
},
{
"name": "https://github.com/baserproject/basercms/releases/tag/5.2.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/releases/tag/5.2.3"
}
],
"source": {
"advisory": "GHSA-m9g7-rgfc-jcm7",
"discovery": "UNKNOWN"
},
"title": "baserCMS: OS Command Injection in the baserCMS Update Functionality"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-30877",
"datePublished": "2026-03-31T00:45:09.718Z",
"dateReserved": "2026-03-06T00:04:56.699Z",
"dateUpdated": "2026-04-02T14:43:52.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-30880 (GCVE-0-2026-30880)
Vulnerability from cvelistv5 – Published: 2026-03-31 00:44 – Updated: 2026-03-31 15:27
VLAI?
Title
baserCMS: OS command injection vulnerability in installer
Summary
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has an OS command injection vulnerability in the installer. This issue has been patched in version 5.2.3.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserproject | basercms |
Affected:
< 5.2.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-30880",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T15:27:05.304226Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T15:27:21.969Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 5.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has an OS command injection vulnerability in the installer. This issue has been patched in version 5.2.3."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T00:44:39.344Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-6hpg-8rx3-cwgv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-6hpg-8rx3-cwgv"
},
{
"name": "https://basercms.net/security/JVN_20837860",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_20837860"
},
{
"name": "https://github.com/baserproject/basercms/releases/tag/5.2.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/releases/tag/5.2.3"
}
],
"source": {
"advisory": "GHSA-6hpg-8rx3-cwgv",
"discovery": "UNKNOWN"
},
"title": "baserCMS: OS command injection vulnerability in installer"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-30880",
"datePublished": "2026-03-31T00:44:39.344Z",
"dateReserved": "2026-03-06T00:04:56.699Z",
"dateUpdated": "2026-03-31T15:27:21.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27697 (GCVE-0-2026-27697)
Vulnerability from cvelistv5 – Published: 2026-03-31 00:44 – Updated: 2026-03-31 15:28
VLAI?
Title
baserCMS: SQL injection vulnerability in blog post
Summary
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3.
Severity ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserproject | basercms |
Affected:
< 5.2.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27697",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T15:27:51.222627Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T15:28:00.580Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 5.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T00:44:20.442Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-vh89-rjph-2g7p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-vh89-rjph-2g7p"
},
{
"name": "https://basercms.net/security/JVN_20837860",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_20837860"
},
{
"name": "https://github.com/baserproject/basercms/releases/tag/5.2.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/releases/tag/5.2.3"
}
],
"source": {
"advisory": "GHSA-vh89-rjph-2g7p",
"discovery": "UNKNOWN"
},
"title": "baserCMS: SQL injection vulnerability in blog post"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27697",
"datePublished": "2026-03-31T00:44:20.442Z",
"dateReserved": "2026-02-23T17:56:51.202Z",
"dateUpdated": "2026-03-31T15:28:00.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21861 (GCVE-0-2026-21861)
Vulnerability from cvelistv5 – Published: 2026-03-31 00:43 – Updated: 2026-03-31 14:01
VLAI?
Title
baserCMS: OS Command Injection Leading to Remote Code Execution (RCE)
Summary
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS contains an OS command injection vulnerability in the core update functionality. An authenticated administrator can execute arbitrary OS commands on the server due to improper handling of user-controlled input that is directly passed to exec() without sufficient validation or escaping. This issue has been patched in version 5.2.3.
Severity ?
9.1 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserproject | basercms |
Affected:
< 5.2.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21861",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T14:01:36.891582Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T14:01:39.730Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-qxmc-6f24-g86g"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 5.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Prior to version 5.2.3, baserCMS contains an OS command injection vulnerability in the core update functionality. An authenticated administrator can execute arbitrary OS commands on the server due to improper handling of user-controlled input that is directly passed to exec() without sufficient validation or escaping. This issue has been patched in version 5.2.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T00:43:58.296Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-qxmc-6f24-g86g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-qxmc-6f24-g86g"
},
{
"name": "https://basercms.net/security/JVN_20837860",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_20837860"
},
{
"name": "https://github.com/baserproject/basercms/releases/tag/5.2.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/releases/tag/5.2.3"
}
],
"source": {
"advisory": "GHSA-qxmc-6f24-g86g",
"discovery": "UNKNOWN"
},
"title": "baserCMS: OS Command Injection Leading to Remote Code Execution (RCE)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-21861",
"datePublished": "2026-03-31T00:43:58.296Z",
"dateReserved": "2026-01-05T16:44:16.367Z",
"dateUpdated": "2026-03-31T14:01:39.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-32957 (GCVE-0-2025-32957)
Vulnerability from cvelistv5 – Published: 2026-03-31 00:43 – Updated: 2026-03-31 19:09
VLAI?
Title
baserCMS: unsafe File Upload Leading to Remote Code Execution (RCE)
Summary
baserCMS is a website development framework. Prior to version 5.2.3, the application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using require_once without validating or restricting the filename. An attacker can craft a malicious PHP file within the zip and achieve arbitrary code execution when it is included. This issue has been patched in version 5.2.3.
Severity ?
8.7 (High)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserproject | basercms |
Affected:
< 5.2.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32957",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T18:39:21.747739Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T19:09:23.581Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-hv78-cwp4-8r7r"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 5.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Prior to version 5.2.3, the application\u0027s restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using require_once without validating or restricting the filename. An attacker can craft a malicious PHP file within the zip and achieve arbitrary code execution when it is included. This issue has been patched in version 5.2.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T00:43:48.908Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-hv78-cwp4-8r7r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-hv78-cwp4-8r7r"
},
{
"name": "https://basercms.net/security/JVN_20837860",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_20837860"
},
{
"name": "https://github.com/baserproject/basercms/releases/tag/5.2.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/releases/tag/5.2.3"
}
],
"source": {
"advisory": "GHSA-hv78-cwp4-8r7r",
"discovery": "UNKNOWN"
},
"title": "baserCMS: unsafe File Upload Leading to Remote Code Execution (RCE)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-32957",
"datePublished": "2026-03-31T00:43:48.908Z",
"dateReserved": "2025-04-14T21:47:11.452Z",
"dateUpdated": "2026-03-31T19:09:23.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46998 (GCVE-0-2024-46998)
Vulnerability from cvelistv5 – Published: 2024-10-24 18:52 – Updated: 2024-10-24 20:01
VLAI?
Title
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Edit Email Form Settings Feature
Summary
baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Edit Email Form Settings Feature. Version 5.1.2 fixes the issue.
Severity ?
7.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserproject | basercms |
Affected:
< 5.1.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46998",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T20:01:19.157961Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T20:01:26.743Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 5.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Edit Email Form Settings Feature. Version 5.1.2 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T18:52:08.244Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-p3m2-mj3j-j49x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-p3m2-mj3j-j49x"
},
{
"name": "https://basercms.net/security/JVN_98693329",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_98693329"
}
],
"source": {
"advisory": "GHSA-p3m2-mj3j-j49x",
"discovery": "UNKNOWN"
},
"title": "baserCMS has a Cross-site Scripting (XSS) Vulnerability in Edit Email Form Settings Feature"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-46998",
"datePublished": "2024-10-24T18:52:08.244Z",
"dateReserved": "2024-09-16T16:10:09.021Z",
"dateUpdated": "2024-10-24T20:01:26.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46996 (GCVE-0-2024-46996)
Vulnerability from cvelistv5 – Published: 2024-10-24 18:35 – Updated: 2024-10-24 19:22
VLAI?
Title
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature
Summary
baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Blog posts feature. Version 5.1.2 fixes this issue.
Severity ?
6.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserproject | basercms |
Affected:
< 5.1.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46996",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T19:22:34.768401Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T19:22:51.973Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 5.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Blog posts feature. Version 5.1.2 fixes this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T18:35:21.088Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-66jv-qrm3-vvfg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-66jv-qrm3-vvfg"
},
{
"name": "https://basercms.net/security/JVN_00876083",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_00876083"
}
],
"source": {
"advisory": "GHSA-66jv-qrm3-vvfg",
"discovery": "UNKNOWN"
},
"title": "baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-46996",
"datePublished": "2024-10-24T18:35:21.088Z",
"dateReserved": "2024-09-16T16:10:09.021Z",
"dateUpdated": "2024-10-24T19:22:51.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46995 (GCVE-0-2024-46995)
Vulnerability from cvelistv5 – Published: 2024-10-24 18:31 – Updated: 2024-10-24 19:23
VLAI?
Title
baserCMS has Cross-site Scripting Vulnerability in HTTP 400 Bad Request
Summary
baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in HTTP 400 Bad Request. Version 5.1.2 fixes this issue.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserproject | basercms |
Affected:
< 5.1.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46995",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T19:23:15.416390Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T19:23:24.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 5.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in HTTP 400 Bad Request. Version 5.1.2 fixes this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T18:31:12.796Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-mr7q-fv7j-jcgv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-mr7q-fv7j-jcgv"
},
{
"name": "https://basercms.net/security/JVN_06274755",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_06274755"
}
],
"source": {
"advisory": "GHSA-mr7q-fv7j-jcgv",
"discovery": "UNKNOWN"
},
"title": "baserCMS has Cross-site Scripting Vulnerability in HTTP 400 Bad Request"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-46995",
"datePublished": "2024-10-24T18:31:12.796Z",
"dateReserved": "2024-09-16T16:10:09.020Z",
"dateUpdated": "2024-10-24T19:23:24.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46994 (GCVE-0-2024-46994)
Vulnerability from cvelistv5 – Published: 2024-10-24 18:22 – Updated: 2024-10-24 19:23
VLAI?
Title
baserCMS has Cross-site Scripting Vulnerability in Blog posts and Contents list Feature
Summary
baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in Blog posts and Contents list Feature. Version 5.1.2 fixes this issue.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserproject | basercms |
Affected:
< 5.1.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46994",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T19:23:44.404037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T19:23:55.028Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 5.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in Blog posts and Contents list Feature. Version 5.1.2 fixes this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T18:27:01.650Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-wrjc-fmfq-w3jr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-wrjc-fmfq-w3jr"
},
{
"name": "https://basercms.net/security/JVN_00876083",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_00876083"
}
],
"source": {
"advisory": "GHSA-wrjc-fmfq-w3jr",
"discovery": "UNKNOWN"
},
"title": "baserCMS has Cross-site Scripting Vulnerability in Blog posts and Contents list Feature"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-46994",
"datePublished": "2024-10-24T18:22:25.924Z",
"dateReserved": "2024-09-16T16:10:09.020Z",
"dateUpdated": "2024-10-24T19:23:55.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26128 (GCVE-0-2024-26128)
Vulnerability from cvelistv5 – Published: 2024-02-22 18:32 – Updated: 2024-08-01 23:59
VLAI?
Title
baserCMS Cross-site Scripting vulnerability in Content Management
Summary
baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the content management feature. Version 5.0.9 contains a fix for this vulnerability.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserproject | basercms |
Affected:
< 5.0.9
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26128",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T15:20:28.991506Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T18:18:41.298Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:59:32.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5"
},
{
"name": "https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c"
},
{
"name": "https://basercms.net/security/JVN_73283159",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN_73283159"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 5.0.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the content management feature. Version 5.0.9 contains a fix for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-22T18:32:43.866Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5"
},
{
"name": "https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c"
},
{
"name": "https://basercms.net/security/JVN_73283159",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_73283159"
}
],
"source": {
"advisory": "GHSA-jjxq-m8h3-4vw5",
"discovery": "UNKNOWN"
},
"title": "baserCMS Cross-site Scripting vulnerability in Content Management"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-26128",
"datePublished": "2024-02-22T18:32:43.866Z",
"dateReserved": "2024-02-14T17:40:03.687Z",
"dateUpdated": "2024-08-01T23:59:32.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51450 (GCVE-0-2023-51450)
Vulnerability from cvelistv5 – Published: 2024-02-22 14:50 – Updated: 2024-08-02 22:32
VLAI?
Title
baserCMS OS command injection vulnerability in Installer
Summary
baserCMS is a website development framework. Prior to version 5.0.9, there is an OS Command Injection vulnerability in the site search feature of baserCMS. Version 5.0.9 contains a fix for this vulnerability.
Severity ?
5.6 (Medium)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserproject | basercms |
Affected:
< 5.0.9
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-51450",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T16:32:12.187899Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:55.047Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:32:10.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr"
},
{
"name": "https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c"
},
{
"name": "https://basercms.net/security/JVN_09767360",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN_09767360"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 5.0.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Prior to version 5.0.9, there is an OS Command Injection vulnerability in the site search feature of baserCMS. Version 5.0.9 contains a fix for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-22T14:50:51.098Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-77fc-4cv5-hmfr"
},
{
"name": "https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c"
},
{
"name": "https://basercms.net/security/JVN_09767360",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_09767360"
}
],
"source": {
"advisory": "GHSA-77fc-4cv5-hmfr",
"discovery": "UNKNOWN"
},
"title": "baserCMS OS command injection vulnerability in Installer"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-51450",
"datePublished": "2024-02-22T14:50:51.098Z",
"dateReserved": "2023-12-19T15:19:39.615Z",
"dateUpdated": "2024-08-02T22:32:10.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-44379 (GCVE-0-2023-44379)
Vulnerability from cvelistv5 – Published: 2024-02-22 14:47 – Updated: 2025-04-22 16:19
VLAI?
Title
baserCMS Cross-site Scripting vulnerability in Site search Feature
Summary
baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the site search feature. Version 5.0.9 contains a fix for this vulnerability.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserproject | basercms |
Affected:
< 5.0.9
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44379",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T16:39:22.092743Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T16:19:39.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:07:33.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-66c2-p8rh-qx87",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-66c2-p8rh-qx87"
},
{
"name": "https://github.com/baserproject/basercms/commit/18549396e5a9b8294306a54a876af164b0b57da4",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/18549396e5a9b8294306a54a876af164b0b57da4"
},
{
"name": "https://basercms.net/security/JVN_73283159",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN_73283159"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 5.0.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the site search feature. Version 5.0.9 contains a fix for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-22T14:47:14.333Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-66c2-p8rh-qx87",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-66c2-p8rh-qx87"
},
{
"name": "https://github.com/baserproject/basercms/commit/18549396e5a9b8294306a54a876af164b0b57da4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/commit/18549396e5a9b8294306a54a876af164b0b57da4"
},
{
"name": "https://basercms.net/security/JVN_73283159",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_73283159"
}
],
"source": {
"advisory": "GHSA-66c2-p8rh-qx87",
"discovery": "UNKNOWN"
},
"title": "baserCMS Cross-site Scripting vulnerability in Site search Feature"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-44379",
"datePublished": "2024-02-22T14:47:14.333Z",
"dateReserved": "2023-09-28T17:56:32.612Z",
"dateUpdated": "2025-04-22T16:19:39.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43792 (GCVE-0-2023-43792)
Vulnerability from cvelistv5 – Published: 2023-10-30 20:00 – Updated: 2024-09-05 20:20
VLAI?
Title
baserCMS Code Injection Vulnerability in Mail Form Feature
Summary
baserCMS is a website development framework. In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of time of publication, no known patched versions are available.
Severity ?
5.3 (Medium)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserproject | basercms |
Affected:
>= 4.6.0, <= 4.7.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:11.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-vrm6-c878-fpq6",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-vrm6-c878-fpq6"
},
{
"name": "https://basercms.net/security/JVN_45547161",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN_45547161"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43792",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T20:20:30.681578Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T20:20:41.513Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.6.0, \u003c= 4.7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of time of publication, no known patched versions are available."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T20:00:14.664Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-vrm6-c878-fpq6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-vrm6-c878-fpq6"
},
{
"name": "https://basercms.net/security/JVN_45547161",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_45547161"
}
],
"source": {
"advisory": "GHSA-vrm6-c878-fpq6",
"discovery": "UNKNOWN"
},
"title": "baserCMS Code Injection Vulnerability in Mail Form Feature"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-43792",
"datePublished": "2023-10-30T20:00:14.664Z",
"dateReserved": "2023-09-22T14:51:42.339Z",
"dateUpdated": "2024-09-05T20:20:41.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43649 (GCVE-0-2023-43649)
Vulnerability from cvelistv5 – Published: 2023-10-30 18:29 – Updated: 2024-09-05 20:21
VLAI?
Title
baserCMS CSRF vulnerability in Content preview Feature
Summary
baserCMS is a website development framework. Prior to version 4.8.0, there is a cross site request forgery vulnerability in the content preview feature of baserCMS. Version 4.8.0 contains a patch for this issue.
Severity ?
4.7 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserproject | basercms |
Affected:
< 4.8.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:44:43.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-fw9x-cqjq-7jx5",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-fw9x-cqjq-7jx5"
},
{
"name": "https://github.com/baserproject/basercms/commit/874c55433fead93e0be9df96fd28740f8047c8b6",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/874c55433fead93e0be9df96fd28740f8047c8b6"
},
{
"name": "https://basercms.net/security/JVN_99052047",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN_99052047"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43649",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T20:21:18.415867Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T20:21:29.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 4.8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Prior to version 4.8.0, there is a cross site request forgery vulnerability in the content preview feature of baserCMS. Version 4.8.0 contains a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T18:29:26.783Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-fw9x-cqjq-7jx5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-fw9x-cqjq-7jx5"
},
{
"name": "https://github.com/baserproject/basercms/commit/874c55433fead93e0be9df96fd28740f8047c8b6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/commit/874c55433fead93e0be9df96fd28740f8047c8b6"
},
{
"name": "https://basercms.net/security/JVN_99052047",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_99052047"
}
],
"source": {
"advisory": "GHSA-fw9x-cqjq-7jx5",
"discovery": "UNKNOWN"
},
"title": "baserCMS CSRF vulnerability in Content preview Feature"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-43649",
"datePublished": "2023-10-30T18:29:26.783Z",
"dateReserved": "2023-09-20T15:35:38.147Z",
"dateUpdated": "2024-09-05T20:21:29.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43648 (GCVE-0-2023-43648)
Vulnerability from cvelistv5 – Published: 2023-10-30 18:24 – Updated: 2024-09-05 20:22
VLAI?
Title
baserCMS Directory Traversal vulnerability in Form submission data management Feature
Summary
baserCMS is a website development framework. Prior to version 4.8.0, there is a Directory Traversal Vulnerability in the form submission data management feature of baserCMS. Version 4.8.0 contains a patch for this issue.
Severity ?
4.9 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserproject | basercms |
Affected:
< 4.8.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:44:44.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55"
},
{
"name": "https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b"
},
{
"name": "https://basercms.net/security/JVN_81174674",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN_81174674"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43648",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T20:22:00.718382Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T20:22:13.953Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 4.8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Prior to version 4.8.0, there is a Directory Traversal Vulnerability in the form submission data management feature of baserCMS. Version 4.8.0 contains a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T18:24:24.733Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-hmqj-gv2m-hq55"
},
{
"name": "https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/commit/7555a5cf0006755dc0223fffc2d882b50a97758b"
},
{
"name": "https://basercms.net/security/JVN_81174674",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_81174674"
}
],
"source": {
"advisory": "GHSA-hmqj-gv2m-hq55",
"discovery": "UNKNOWN"
},
"title": "baserCMS Directory Traversal vulnerability in Form submission data management Feature"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-43648",
"datePublished": "2023-10-30T18:24:24.733Z",
"dateReserved": "2023-09-20T15:35:38.147Z",
"dateUpdated": "2024-09-05T20:22:13.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43647 (GCVE-0-2023-43647)
Vulnerability from cvelistv5 – Published: 2023-10-30 18:18 – Updated: 2024-09-06 20:13
VLAI?
Title
baserCMS Cross-site Scripting vulnerability in File upload Feature
Summary
baserCMS is a website development framework. Prior to version 4.8.0, there is a cross-site scripting vulnerability in the file upload feature of baserCMS. Version 4.8.0 contains a patch for this issue.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserproject | basercms |
Affected:
< 4.8.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:44:43.846Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-ggj4-78rm-6xgv",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-ggj4-78rm-6xgv"
},
{
"name": "https://github.com/baserproject/basercms/commit/eb5977533d05db4f3bb03bd19630b66052799b2e",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/eb5977533d05db4f3bb03bd19630b66052799b2e"
},
{
"name": "https://basercms.net/security/JVN_24381990",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN_24381990"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43647",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:12:52.747465Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:13:17.297Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 4.8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework. Prior to version 4.8.0, there is a cross-site scripting vulnerability in the file upload feature of baserCMS. Version 4.8.0 contains a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T18:18:35.381Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-ggj4-78rm-6xgv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-ggj4-78rm-6xgv"
},
{
"name": "https://github.com/baserproject/basercms/commit/eb5977533d05db4f3bb03bd19630b66052799b2e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/commit/eb5977533d05db4f3bb03bd19630b66052799b2e"
},
{
"name": "https://basercms.net/security/JVN_24381990",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_24381990"
}
],
"source": {
"advisory": "GHSA-ggj4-78rm-6xgv",
"discovery": "UNKNOWN"
},
"title": "baserCMS Cross-site Scripting vulnerability in File upload Feature"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-43647",
"datePublished": "2023-10-30T18:18:35.381Z",
"dateReserved": "2023-09-20T15:35:38.146Z",
"dateUpdated": "2024-09-06T20:13:17.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29009 (GCVE-0-2023-29009)
Vulnerability from cvelistv5 – Published: 2023-10-27 19:30 – Updated: 2024-09-09 14:59
VLAI?
Title
basercms XSS Vulnerability via Favorites Feature
Summary
baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is a XSS Vulnerability in Favorites Feature to baserCMS. This issue has been patched in version 4.8.0.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserproject | basercms |
Affected:
< 4.8.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:14.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-8vqx-prq4-rqrq",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-8vqx-prq4-rqrq"
},
{
"name": "https://basercms.net/security/JVN_45547161",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN_45547161"
},
{
"name": "https://github.com/baserproject/basercms/releases/tag/basercms-4.8.0",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/releases/tag/basercms-4.8.0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29009",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-09T14:59:04.595609Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T14:59:18.101Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 4.8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is a XSS Vulnerability in Favorites Feature to baserCMS. This issue has been patched in version 4.8.0.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-27T19:30:18.390Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-8vqx-prq4-rqrq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-8vqx-prq4-rqrq"
},
{
"name": "https://basercms.net/security/JVN_45547161",
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_45547161"
},
{
"name": "https://github.com/baserproject/basercms/releases/tag/basercms-4.8.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/releases/tag/basercms-4.8.0"
}
],
"source": {
"advisory": "GHSA-8vqx-prq4-rqrq",
"discovery": "UNKNOWN"
},
"title": "basercms XSS Vulnerability via Favorites Feature"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-29009",
"datePublished": "2023-10-27T19:30:18.390Z",
"dateReserved": "2023-03-29T17:39:16.143Z",
"dateUpdated": "2024-09-09T14:59:18.101Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25655 (GCVE-0-2023-25655)
Vulnerability from cvelistv5 – Published: 2023-03-23 19:23 – Updated: 2025-02-25 14:50
VLAI?
Title
baserCMS allows any file to be uploaded
Summary
baserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the management system of baserCMS. Version 4.7.5 contains a patch.
Severity ?
9.8 (Critical)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserproject | basercms |
Affected:
< 4.7.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-mfvg-qwcw-qvc8",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-mfvg-qwcw-qvc8"
},
{
"name": "https://github.com/baserproject/basercms/commit/922025a98b0e697ab78f6a785a004e0729aa9100",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/922025a98b0e697ab78f6a785a004e0729aa9100"
},
{
"name": "https://github.com/baserproject/basercms/commit/9297629983ed908c7f51bf61a0231dde91404ebd",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/9297629983ed908c7f51bf61a0231dde91404ebd"
},
{
"name": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25655",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T14:30:57.300738Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T14:50:52.950Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 4.7.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the management system of baserCMS. Version 4.7.5 contains a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-23T19:23:58.897Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-mfvg-qwcw-qvc8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-mfvg-qwcw-qvc8"
},
{
"name": "https://github.com/baserproject/basercms/commit/922025a98b0e697ab78f6a785a004e0729aa9100",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/commit/922025a98b0e697ab78f6a785a004e0729aa9100"
},
{
"name": "https://github.com/baserproject/basercms/commit/9297629983ed908c7f51bf61a0231dde91404ebd",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/commit/9297629983ed908c7f51bf61a0231dde91404ebd"
},
{
"name": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5"
}
],
"source": {
"advisory": "GHSA-mfvg-qwcw-qvc8",
"discovery": "UNKNOWN"
},
"title": "baserCMS allows any file to be uploaded"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25655",
"datePublished": "2023-03-23T19:23:58.897Z",
"dateReserved": "2023-02-09T20:58:21.856Z",
"dateUpdated": "2025-02-25T14:50:52.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25654 (GCVE-0-2023-25654)
Vulnerability from cvelistv5 – Published: 2023-03-23 19:22 – Updated: 2025-02-25 14:51
VLAI?
Title
baserCMS File Uploader Remote Code Execution (RCE) vulnerability
Summary
baserCMS is a Content Management system. Prior to version 4.7.5, there is a Remote Code Execution (RCE) Vulnerability in the management system of baserCMS. Version 4.7.5 contains a patch.
Severity ?
9.8 (Critical)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserproject | basercms |
Affected:
< 4.7.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.263Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-h4cc-fxpp-pgw9",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-h4cc-fxpp-pgw9"
},
{
"name": "https://github.com/baserproject/basercms/commit/002886be0998c74c386e04f0b43688a8a45d7a96",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/002886be0998c74c386e04f0b43688a8a45d7a96"
},
{
"name": "https://github.com/baserproject/basercms/commit/08247f0a633d8e836ce2e5cd2d53aa19901a1359",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/08247f0a633d8e836ce2e5cd2d53aa19901a1359"
},
{
"name": "https://github.com/baserproject/basercms/commit/60f83054d8131b0ace60716cec7e629b5eb3a8f0",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/60f83054d8131b0ace60716cec7e629b5eb3a8f0"
},
{
"name": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25654",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T14:31:00.301971Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T14:51:02.752Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 4.7.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is a Content Management system. Prior to version 4.7.5, there is a Remote Code Execution (RCE) Vulnerability in the management system of baserCMS. Version 4.7.5 contains a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-23T19:22:30.154Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-h4cc-fxpp-pgw9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-h4cc-fxpp-pgw9"
},
{
"name": "https://github.com/baserproject/basercms/commit/002886be0998c74c386e04f0b43688a8a45d7a96",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/commit/002886be0998c74c386e04f0b43688a8a45d7a96"
},
{
"name": "https://github.com/baserproject/basercms/commit/08247f0a633d8e836ce2e5cd2d53aa19901a1359",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/commit/08247f0a633d8e836ce2e5cd2d53aa19901a1359"
},
{
"name": "https://github.com/baserproject/basercms/commit/60f83054d8131b0ace60716cec7e629b5eb3a8f0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/commit/60f83054d8131b0ace60716cec7e629b5eb3a8f0"
},
{
"name": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5"
}
],
"source": {
"advisory": "GHSA-h4cc-fxpp-pgw9",
"discovery": "UNKNOWN"
},
"title": "baserCMS File Uploader Remote Code Execution (RCE) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25654",
"datePublished": "2023-03-23T19:22:30.154Z",
"dateReserved": "2023-02-09T20:58:21.856Z",
"dateUpdated": "2025-02-25T14:51:02.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41994 (GCVE-0-2022-41994)
Vulnerability from cvelistv5 – Published: 2022-12-07 00:00 – Updated: 2025-04-23 14:28
VLAI?
Summary
Stored cross-site scripting vulnerability in Permission Settings of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.
Severity ?
4.8 (Medium)
CWE
- Cross-site scripting
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserCMS Users Community | baserCMS |
Affected:
versions prior to 4.7.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:56:39.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://basercms.net/security/JVN_53682526"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN53682526/index.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-41994",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:27:38.334790Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T14:28:32.166Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "versions prior to 4.7.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting vulnerability in Permission Settings of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-07T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://basercms.net/security/JVN_53682526"
},
{
"url": "https://jvn.jp/en/jp/JVN53682526/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-41994",
"datePublished": "2022-12-07T00:00:00.000Z",
"dateReserved": "2022-10-22T00:00:00.000Z",
"dateUpdated": "2025-04-23T14:28:32.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42486 (GCVE-0-2022-42486)
Vulnerability from cvelistv5 – Published: 2022-12-07 00:00 – Updated: 2025-04-23 16:02
VLAI?
Summary
Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.
Severity ?
4.8 (Medium)
CWE
- Cross-site scripting
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserCMS Users Community | baserCMS |
Affected:
versions prior to 4.7.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:10:40.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://basercms.net/security/JVN_53682526"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN53682526/index.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-42486",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T16:01:40.424230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:02:53.115Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "versions prior to 4.7.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-07T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://basercms.net/security/JVN_53682526"
},
{
"url": "https://jvn.jp/en/jp/JVN53682526/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-42486",
"datePublished": "2022-12-07T00:00:00.000Z",
"dateReserved": "2022-10-22T00:00:00.000Z",
"dateUpdated": "2025-04-23T16:02:53.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39325 (GCVE-0-2022-39325)
Vulnerability from cvelistv5 – Published: 2022-11-25 00:00 – Updated: 2025-04-23 16:35
VLAI?
Title
Cross-site scripting vulnerability in BaserCMS
Summary
BaserCMS is a content management system with a japanese language focus. In affected versions there is a cross-site scripting vulnerability on the management system of baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. Users of baserCMS are advised to upgrade as soon as possible. There are no known workarounds for this vulnerability.
Severity ?
4.6 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserproject | basercms |
Affected:
< 4.7.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:00:44.080Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-395x-wv32-44v5"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/b6f8a54e90dee51317eddf517b776fe8b4cd3ef6"
},
{
"tags": [
"x_transferred"
],
"url": "https://basercms.net/security/JVN_53682526"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-39325",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:54:00.299306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:35:13.737Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 4.7.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BaserCMS is a content management system with a japanese language focus. In affected versions there is a cross-site scripting vulnerability on the management system of baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. Users of baserCMS are advised to upgrade as soon as possible. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-25T00:00:00.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-395x-wv32-44v5"
},
{
"url": "https://github.com/baserproject/basercms/commit/b6f8a54e90dee51317eddf517b776fe8b4cd3ef6"
},
{
"url": "https://basercms.net/security/JVN_53682526"
}
],
"source": {
"advisory": "GHSA-395x-wv32-44v5",
"discovery": "UNKNOWN"
},
"title": "Cross-site scripting vulnerability in BaserCMS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-39325",
"datePublished": "2022-11-25T00:00:00.000Z",
"dateReserved": "2022-09-02T00:00:00.000Z",
"dateUpdated": "2025-04-23T16:35:13.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41279 (GCVE-0-2021-41279)
Vulnerability from cvelistv5 – Published: 2021-11-26 18:00 – Updated: 2024-08-04 03:08
VLAI?
Title
Zip Slip Vulnerability in BaserCMS
Summary
BaserCMS is an open source content management system with a focus on Japanese language support. In affected versions users with upload privilege may upload crafted zip files capable of path traversal on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible.
Severity ?
7.7 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserproject | basercms |
Affected:
< 4.5.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:08:31.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-4x2f-54wr-4hjg"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/d8ab0a81a7bce35cc95ff7dff851a7e87a084336"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 4.5.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BaserCMS is an open source content management system with a focus on Japanese language support. In affected versions users with upload privilege may upload crafted zip files capable of path traversal on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-26T18:00:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-4x2f-54wr-4hjg"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/commit/d8ab0a81a7bce35cc95ff7dff851a7e87a084336"
}
],
"source": {
"advisory": "GHSA-4x2f-54wr-4hjg",
"discovery": "UNKNOWN"
},
"title": "Zip Slip Vulnerability in BaserCMS",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-41279",
"STATE": "PUBLIC",
"TITLE": "Zip Slip Vulnerability in BaserCMS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "basercms",
"version": {
"version_data": [
{
"version_value": "\u003c 4.5.3"
}
]
}
}
]
},
"vendor_name": "baserproject"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BaserCMS is an open source content management system with a focus on Japanese language support. In affected versions users with upload privilege may upload crafted zip files capable of path traversal on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-4x2f-54wr-4hjg",
"refsource": "CONFIRM",
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-4x2f-54wr-4hjg"
},
{
"name": "https://github.com/baserproject/basercms/commit/d8ab0a81a7bce35cc95ff7dff851a7e87a084336",
"refsource": "MISC",
"url": "https://github.com/baserproject/basercms/commit/d8ab0a81a7bce35cc95ff7dff851a7e87a084336"
}
]
},
"source": {
"advisory": "GHSA-4x2f-54wr-4hjg",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-41279",
"datePublished": "2021-11-26T18:00:11.000Z",
"dateReserved": "2021-09-15T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:08:31.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41243 (GCVE-0-2021-41243)
Vulnerability from cvelistv5 – Published: 2021-11-26 17:55 – Updated: 2024-08-04 03:08
VLAI?
Title
OS Command Injection Vulnerability and Potential Zip Slip Vulnerability
Summary
There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users with permissions to upload files may upload crafted zip files which may execute arbitrary commands on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible.
Severity ?
9.1 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserproject | basercms |
Affected:
< 4.5.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:08:31.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-7rpc-9m88-cf9w"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/9088b99c329d1faff3a2f1269f37b9a9d8d5f6ff"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 4.5.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users with permissions to upload files may upload crafted zip files which may execute arbitrary commands on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-26T17:55:09.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-7rpc-9m88-cf9w"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/commit/9088b99c329d1faff3a2f1269f37b9a9d8d5f6ff"
}
],
"source": {
"advisory": "GHSA-7rpc-9m88-cf9w",
"discovery": "UNKNOWN"
},
"title": "OS Command Injection Vulnerability and Potential Zip Slip Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-41243",
"STATE": "PUBLIC",
"TITLE": "OS Command Injection Vulnerability and Potential Zip Slip Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "basercms",
"version": {
"version_data": [
{
"version_value": "\u003c 4.5.4"
}
]
}
}
]
},
"vendor_name": "baserproject"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users with permissions to upload files may upload crafted zip files which may execute arbitrary commands on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-7rpc-9m88-cf9w",
"refsource": "CONFIRM",
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-7rpc-9m88-cf9w"
},
{
"name": "https://github.com/baserproject/basercms/commit/9088b99c329d1faff3a2f1269f37b9a9d8d5f6ff",
"refsource": "MISC",
"url": "https://github.com/baserproject/basercms/commit/9088b99c329d1faff3a2f1269f37b9a9d8d5f6ff"
}
]
},
"source": {
"advisory": "GHSA-7rpc-9m88-cf9w",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-41243",
"datePublished": "2021-11-26T17:55:09.000Z",
"dateReserved": "2021-09-15T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:08:31.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39136 (GCVE-0-2021-39136)
Vulnerability from cvelistv5 – Published: 2021-08-25 18:05 – Updated: 2024-08-04 01:58
VLAI?
Title
Cross-site scripting vulnerability in file upload
Summary
baserCMS is an open source content management system with a focus on Japanese language support. In affected versions there is a cross-site scripting vulnerability in the file upload function of the management system of baserCMS. Users are advised to update as soon as possible. No workaround are available to mitigate this issue.
Severity ?
8.7 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserproject | basercms |
Affected:
< 4.5.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:58:17.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-hgjr-632x-qpp3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/baserproject/basercms/commit/568d4cab5ba1cdee7bbf0133c676d02a98f6d7bc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN_14134801"
},
{
"name": "JVN#14134801",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN14134801/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "basercms",
"vendor": "baserproject",
"versions": [
{
"status": "affected",
"version": "\u003c 4.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "baserCMS is an open source content management system with a focus on Japanese language support. In affected versions there is a cross-site scripting vulnerability in the file upload function of the management system of baserCMS. Users are advised to update as soon as possible. No workaround are available to mitigate this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-27T04:06:09.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-hgjr-632x-qpp3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/baserproject/basercms/commit/568d4cab5ba1cdee7bbf0133c676d02a98f6d7bc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN_14134801"
},
{
"name": "JVN#14134801",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN14134801/index.html"
}
],
"source": {
"advisory": "GHSA-hgjr-632x-qpp3",
"discovery": "UNKNOWN"
},
"title": "Cross-site scripting vulnerability in file upload",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-39136",
"STATE": "PUBLIC",
"TITLE": "Cross-site scripting vulnerability in file upload"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "basercms",
"version": {
"version_data": [
{
"version_value": "\u003c 4.5.1"
}
]
}
}
]
},
"vendor_name": "baserproject"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "baserCMS is an open source content management system with a focus on Japanese language support. In affected versions there is a cross-site scripting vulnerability in the file upload function of the management system of baserCMS. Users are advised to update as soon as possible. No workaround are available to mitigate this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/baserproject/basercms/security/advisories/GHSA-hgjr-632x-qpp3",
"refsource": "CONFIRM",
"url": "https://github.com/baserproject/basercms/security/advisories/GHSA-hgjr-632x-qpp3"
},
{
"name": "https://github.com/baserproject/basercms/commit/568d4cab5ba1cdee7bbf0133c676d02a98f6d7bc",
"refsource": "MISC",
"url": "https://github.com/baserproject/basercms/commit/568d4cab5ba1cdee7bbf0133c676d02a98f6d7bc"
},
{
"name": "https://basercms.net/security/JVN_14134801",
"refsource": "MISC",
"url": "https://basercms.net/security/JVN_14134801"
},
{
"name": "JVN#14134801",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN14134801/index.html"
}
]
},
"source": {
"advisory": "GHSA-hgjr-632x-qpp3",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-39136",
"datePublished": "2021-08-25T18:05:13.000Z",
"dateReserved": "2021-08-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:58:17.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20683 (GCVE-0-2021-20683)
Vulnerability from cvelistv5 – Published: 2021-03-26 08:50 – Updated: 2024-08-03 17:45
VLAI?
Summary
Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baserCMS Users Community | baserCMS |
Affected:
versions prior to 4.4.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://basercms.net/security/JVN64869876"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN64869876/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "baserCMS",
"vendor": "baserCMS Users Community",
"versions": [
{
"status": "affected",
"version": "versions prior to 4.4.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-26T08:50:28.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://basercms.net/security/JVN64869876"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN64869876/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "baserCMS",
"version": {
"version_data": [
{
"version_value": "versions prior to 4.4.5"
}
]
}
}
]
},
"vendor_name": "baserCMS Users Community"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://basercms.net/security/JVN64869876",
"refsource": "MISC",
"url": "https://basercms.net/security/JVN64869876"
},
{
"name": "https://jvn.jp/en/jp/JVN64869876/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN64869876/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20683",
"datePublished": "2021-03-26T08:50:29.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:45:45.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}