Basercms
by Basercms
CVEs (70)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-7769 | | Med | 0.41 | 6.3 | 0.01 | | Feb 19, 2016 | baserCMS 3.0.2 through 3.0.8 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. |
| CVE-2026-30940 | | Hig | 0.40 | 7.2 | 0.01 | | Mar 31, 2026 | baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API (/baser/api/admin/bc-theme-file/theme_files/add.json) that allows arbitrary file write. An authenticated administrator can include ../… |
| CVE-2018-0574 | | Med | 0.40 | 6.1 | 0.01 | | Jun 26, 2018 | Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2016-1173 | | Med | 0.40 | 6.1 | 0.01 | | Apr 6, 2016 | Cross-site scripting (XSS) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2016-1171 | | Med | 0.40 | 6.1 | 0.01 | | Apr 6, 2016 | Cross-site scripting (XSS) vulnerability in the Recruit plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2026-32734 | | Hig | 0.39 | 7.1 | 0.00 | | Mar 31, 2026 | baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has DOM-based cross-site scripting in tag creation. This issue has been patched in version 5.2.3. |
| CVE-2024-44807 | | Med | 0.35 | 5.3 | 0.01 | | Oct 11, 2024 | A directory listing issue in the baserCMS plugin in D-ZERO CO., LTD. BurgerEditor and BurgerEditor Limited Edition before 2.25.1 allows remote attackers to obtain sensitive information by exposing a list of the uploaded files. |
| CVE-2018-0575 | | Med | 0.35 | 5.3 | 0.01 | | Jun 26, 2018 | baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors. |
| CVE-2018-0573 | | Med | 0.35 | 5.3 | 0.01 | | Jun 26, 2018 | baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors. |
| CVE-2018-0570 | | Med | 0.35 | 5.4 | 0.01 | | Jun 26, 2018 | Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2016-4883 | | Med | 0.35 | 5.4 | 0.01 | | May 12, 2017 | Cross-site scripting vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2016-4880 | | Med | 0.35 | 5.4 | 0.01 | | May 12, 2017 | Cross-site scripting vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2016-4877 | | Med | 0.35 | 5.4 | 0.01 | | May 12, 2017 | Cross-site scripting vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2026-30879 | | Med | 0.33 | 6.1 | 0.00 | | Mar 31, 2026 | baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a cross-site scripting vulnerability in blog posts. This issue has been patched in version 5.2.3. |
| CVE-2018-0571 | | Med | 0.28 | 4.3 | 0.01 | | Jun 26, 2018 | baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files. |
| CVE-2026-30878 | | Med | 0.27 | 5.3 | 0.00 | | Mar 31, 2026 | baserCMS is a website development framework. Prior to version 5.2.3, a public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form… |
| CVE-2024-46998 | | | 0.00 | — | 0.00 | | Oct 24, 2024 | baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Edit Email Form Settings Feature. Version 5.1.2 fixes the issue. |
| CVE-2024-46996 | | | 0.00 | — | 0.00 | | Oct 24, 2024 | baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Blog posts feature. Version 5.1.2 fixes this issue. |
| CVE-2024-46995 | | | 0.00 | — | 0.00 | | Oct 24, 2024 | baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in HTTP 400 Bad Request. Version 5.1.2 fixes this issue. |
| CVE-2024-46994 | | | 0.00 | — | 0.00 | | Oct 24, 2024 | baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in Blog posts and Contents list Feature. Version 5.1.2 fixes this issue. |