VYPR

Basercms

by Basercms

CVEs (70)

  • CVE-2015-7769 | Med | Feb 19, 2016
    risk 0.41 | cvss 6.3 | epss 0.01

    baserCMS 3.0.2 through 3.0.8 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.

  • CVE-2026-30940 | Hig | Mar 31, 2026
    risk 0.40 | cvss 7.2 | epss 0.01

    baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API (/baser/api/admin/bc-theme-file/theme_files/add.json) that allows arbitrary file write. An authenticated administrator can include ../…

  • CVE-2018-0574 | Med | Jun 26, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2016-1173 | Med | Apr 6, 2016
    risk 0.40 | cvss 6.1 | epss 0.01

    Cross-site scripting (XSS) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2016-1171 | Med | Apr 6, 2016
    risk 0.40 | cvss 6.1 | epss 0.01

    Cross-site scripting (XSS) vulnerability in the Recruit plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2026-32734 | Hig | Mar 31, 2026
    risk 0.39 | cvss 7.1 | epss 0.00

    baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has DOM-based cross-site scripting in tag creation. This issue has been patched in version 5.2.3.

  • CVE-2024-44807 | Med | Oct 11, 2024
    risk 0.35 | cvss 5.3 | epss 0.01

    A directory listing issue in the baserCMS plugin in D-ZERO CO., LTD. BurgerEditor and BurgerEditor Limited Edition before 2.25.1 allows remote attackers to obtain sensitive information by exposing a list of the uploaded files.

  • CVE-2018-0575 | Med | Jun 26, 2018
    risk 0.35 | cvss 5.3 | epss 0.01

    baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors.

  • CVE-2018-0573 | Med | Jun 26, 2018
    risk 0.35 | cvss 5.3 | epss 0.01

    baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors.

  • CVE-2018-0570 | Med | Jun 26, 2018
    risk 0.35 | cvss 5.4 | epss 0.01

    Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2016-4883 | Med | May 12, 2017
    risk 0.35 | cvss 5.4 | epss 0.01

    Cross-site scripting vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2016-4880 | Med | May 12, 2017
    risk 0.35 | cvss 5.4 | epss 0.01

    Cross-site scripting vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2016-4877 | Med | May 12, 2017
    risk 0.35 | cvss 5.4 | epss 0.01

    Cross-site scripting vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2026-30879 | Med | Mar 31, 2026
    risk 0.33 | cvss 6.1 | epss 0.00

    baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a cross-site scripting vulnerability in blog posts. This issue has been patched in version 5.2.3.

  • CVE-2018-0571 | Med | Jun 26, 2018
    risk 0.28 | cvss 4.3 | epss 0.01

    baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files.

  • CVE-2026-30878 | Med | Mar 31, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    baserCMS is a website development framework. Prior to version 5.2.3, a public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form…

  • CVE-2024-46998 | Oct 24, 2024
    risk 0.00 | cvss | epss 0.00

    baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Edit Email Form Settings Feature. Version 5.1.2 fixes the issue.

  • CVE-2024-46996 | Oct 24, 2024
    risk 0.00 | cvss | epss 0.00

    baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Blog posts feature. Version 5.1.2 fixes this issue.

  • CVE-2024-46995 | Oct 24, 2024
    risk 0.00 | cvss | epss 0.00

    baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in HTTP 400 Bad Request. Version 5.1.2 fixes this issue.

  • CVE-2024-46994 | Oct 24, 2024
    risk 0.00 | cvss | epss 0.00

    baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in Blog posts and Contents list Feature. Version 5.1.2 fixes this issue.