baserproject/basercms Security Advisories for 5.0.14 (13)
-
[HIGH] baserCMS is Vulnerable to Cross-site Scripting
PKSA-hd1x-n8tw-4v66 CVE-2026-32734 GHSA-677c-xv24-crgx
Affected version: <=5.2.2
Reported by:
GitHub -
[HIGH] baserCMS Path Traversal Leads to Arbitrary File Write and RCE via Theme File API
PKSA-6jcy-61hj-18tr CVE-2026-30940 GHSA-c5c6-37vq-pjcq
Affected version: <=5.2.2
Reported by:
GitHub -
[CRITICAL] baserCMS has OS command injection vulnerability in installer
PKSA-9wbk-k4bx-zvqq CVE-2026-30880 GHSA-6hpg-8rx3-cwgv
Affected version: <=5.2.2
Reported by:
GitHub -
[MEDIUM] baserCMS has a cross-site scripting vulnerability in blog posts
PKSA-kcyg-5jhp-1x3h CVE-2026-30879 GHSA-jmq3-x8q7-j9qm
Affected version: <=5.2.2
Reported by:
GitHub -
[MEDIUM] baserCMS has Mail Form Acceptance Bypass via Public API
PKSA-ztxq-vhtb-jhvy CVE-2026-30878 GHSA-8cr7-r8qw-gp3c
Affected version: <=5.2.2
Reported by:
GitHub -
[CRITICAL] baserCMS Update Functionality Vulnerable to OS Command Injection
PKSA-mr15-f3n3-4vy5 CVE-2026-30877 GHSA-m9g7-rgfc-jcm7
Affected version: <=5.2.2
Reported by:
GitHub -
[MEDIUM] baserCMS has an SQL injection vulnerability in its blog post functionality
PKSA-1768-n8q1-3816 CVE-2026-27697 GHSA-vh89-rjph-2g7p
Affected version: <=5.2.2
Reported by:
GitHub -
[CRITICAL] baserCMS has OS Command Injection Leading to Remote Code Execution (RCE)
PKSA-xyh3-vpd8-cdnh CVE-2026-21861 GHSA-qxmc-6f24-g86g
Affected version: <=5.2.2
Reported by:
GitHub -
[HIGH] baserCMS has Unsafe File Upload Leading to Remote Code Execution (RCE)
PKSA-mrz2-4hdf-297k CVE-2025-32957 GHSA-hv78-cwp4-8r7r
Affected version: <=5.2.2
Reported by:
GitHub -
[MEDIUM] baserCMS has a Cross-site Scripting (XSS) Vulnerability in Edit Email Form Settings Feature
PKSA-vwf1-pc89-hwmm CVE-2024-46998 GHSA-p3m2-mj3j-j49x
Affected version: <=5.1.1
Reported by:
GitHub -
[MEDIUM] baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature
PKSA-2n26-3nmt-wj9x CVE-2024-46996 GHSA-66jv-qrm3-vvfg
Affected version: <=5.1.1
Reported by:
GitHub -
[MEDIUM] baserCMS has a Cross-site Scripting (XSS) Vulnerability in HTTP 400 Bad Request
PKSA-p655-dyj9-4mvs CVE-2024-46995 GHSA-mr7q-fv7j-jcgv
Affected version: <=5.1.1
Reported by:
GitHub -
[MEDIUM] baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts and Contents list Feature
PKSA-xcdb-2rf5-69bx CVE-2024-46994 GHSA-wrjc-fmfq-w3jr
Affected version: <=5.1.1
Reported by:
GitHub