XSS in Baserproject Basercms

CVE-2026-30879

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a cross-site scripting vulnerability in blog posts. This issue has been patched in version 5.2.3.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (1.6th percentile) — read the EPSS interpretation.

Affected products

Baserproject Basercms — versions < 5.2.3

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

https://github.com/baserproject/basercms/security/advisories/GHSA-jmq3-x8q7-j9qm (x_refsource_CONFIRM)
https://basercms.net/security/JVN_20837860 (x_refsource_MISC)
https://github.com/baserproject/basercms/releases/tag/5.2.3 (x_refsource_MISC)