Baserproject Basercms
33 CVEs affecting Baserproject Basercms. Latest disclosed: 2026-03-31. Critical: 5, High: 12.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-25655 | Critical | 9.8 | 2023-03-23 | baserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the management system of baserCMS. Version 4.7.5 contains a patch. |
CVE-2023-25654 | Critical | 9.8 | 2023-03-23 | baserCMS is a Content Management system. Prior to version 4.7.5, there is a Remote Code Execution (RCE) Vulnerability in the management system of baserCMS. Ver… |
CVE-2026-30877 | Critical | 9.1 | 2026-03-31 | baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this is… |
CVE-2026-21861 | Critical | 9.1 | 2026-03-31 | baserCMS is a website development framework. Prior to version 5.2.3, baserCMS contains an OS command injection vulnerability in the core update functionality… |
CVE-2021-41243 | Critical | 9.1 | 2021-11-26 | There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users with permissions to upload files… |
CVE-2025-32957 | High | 8.7 | 2026-03-31 | baserCMS is a website development framework. Prior to version 5.2.3, the application's restore function allows users to upload a .zip file, which is then autom… |
CVE-2021-39136 | High | 8.7 | 2021-08-25 | baserCMS is an open source content management system with a focus on Japanese language support. In affected versions there is a cross-site scripting vulnerabil… |
CVE-2021-41279 | High | 7.7 | 2021-11-26 | BaserCMS is an open source content management system with a focus on Japanese language support. In affected versions users with upload privilege may upload cra… |
CVE-2020-15276 | High | 7.7 | 2020-10-30 | baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The… |
CVE-2020-15159 | High | 7.6 | 2020-08-28 | baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administra… |
CVE-2020-15273 | High | 7.3 | 2020-10-30 | baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. The issue affects the following components: Edit feed settings, Edit widget area, Sub site… |
CVE-2020-15155 | High | 7.3 | 2020-08-28 | baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. Th… |
CVE-2020-15154 | High | 7.3 | 2020-08-28 | baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. Th… |
CVE-2026-30940 | High | 7.2 | 2026-03-31 | baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API (/baser/api/admin/b… |
CVE-2020-15277 | High | 7.2 | 2020-10-30 | baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Code may be executed by logging in as a system administrator and uploading an executa… |
CVE-2026-32734 | High | 7.1 | 2026-03-31 | baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has DOM-based cross-site scripting in tag creation. This issue has been patched i… |
CVE-2024-46998 | High | 7.1 | 2024-10-24 | baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Edit Email Form Settings Feature. Version… |
CVE-2024-46996 | Medium | 6.3 | 2024-10-24 | baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Blog posts feature. Version 5.1.2 fixes t… |
CVE-2024-46995 | Medium | 6.1 | 2024-10-24 | baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in HTTP 400 Bad Request. Version 5.1.2 fixes thi… |
CVE-2023-44379 | Medium | 6.1 | 2024-02-22 | baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the site search feature. Version 5.0.9 co… |