Security Advisories - baserproject/basercms

baserproject/basercms Security Advisories for 4.6.1 (26)

[HIGH] baserCMS is Vulnerable to Cross-site Scripting

PKSA-hd1x-n8tw-4v66 CVE-2026-32734 GHSA-677c-xv24-crgx

Affected version: <=5.2.2

Reported by:
GitHub
[HIGH] baserCMS Path Traversal Leads to Arbitrary File Write and RCE via Theme File API

PKSA-6jcy-61hj-18tr CVE-2026-30940 GHSA-c5c6-37vq-pjcq

Affected version: <=5.2.2

Reported by:
GitHub
[CRITICAL] baserCMS has OS command injection vulnerability in installer

PKSA-9wbk-k4bx-zvqq CVE-2026-30880 GHSA-6hpg-8rx3-cwgv

Affected version: <=5.2.2

Reported by:
GitHub
[MEDIUM] baserCMS has a cross-site scripting vulnerability in blog posts

PKSA-kcyg-5jhp-1x3h CVE-2026-30879 GHSA-jmq3-x8q7-j9qm

Affected version: <=5.2.2

Reported by:
GitHub
[MEDIUM] baserCMS has Mail Form Acceptance Bypass via Public API

PKSA-ztxq-vhtb-jhvy CVE-2026-30878 GHSA-8cr7-r8qw-gp3c

Affected version: <=5.2.2

Reported by:
GitHub
[CRITICAL] baserCMS Update Functionality Vulnerable to OS Command Injection

PKSA-mr15-f3n3-4vy5 CVE-2026-30877 GHSA-m9g7-rgfc-jcm7

Affected version: <=5.2.2

Reported by:
GitHub
[MEDIUM] baserCMS has an SQL injection vulnerability in its blog post functionality

PKSA-1768-n8q1-3816 CVE-2026-27697 GHSA-vh89-rjph-2g7p

Affected version: <=5.2.2

Reported by:
GitHub
[CRITICAL] baserCMS has OS Command Injection Leading to Remote Code Execution (RCE)

PKSA-xyh3-vpd8-cdnh CVE-2026-21861 GHSA-qxmc-6f24-g86g

Affected version: <=5.2.2

Reported by:
GitHub
[HIGH] baserCMS has Unsafe File Upload Leading to Remote Code Execution (RCE)

PKSA-mrz2-4hdf-297k CVE-2025-32957 GHSA-hv78-cwp4-8r7r

Affected version: <=5.2.2

Reported by:
GitHub
[MEDIUM] baserCMS has a Cross-site Scripting (XSS) Vulnerability in Edit Email Form Settings Feature

PKSA-vwf1-pc89-hwmm CVE-2024-46998 GHSA-p3m2-mj3j-j49x

Affected version: <=5.1.1

Reported by:
GitHub
[MEDIUM] baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature

PKSA-2n26-3nmt-wj9x CVE-2024-46996 GHSA-66jv-qrm3-vvfg

Affected version: <=5.1.1

Reported by:
GitHub
[MEDIUM] baserCMS has a Cross-site Scripting (XSS) Vulnerability in HTTP 400 Bad Request

PKSA-p655-dyj9-4mvs CVE-2024-46995 GHSA-mr7q-fv7j-jcgv

Affected version: <=5.1.1

Reported by:
GitHub
[MEDIUM] baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts and Contents list Feature

PKSA-xcdb-2rf5-69bx CVE-2024-46994 GHSA-wrjc-fmfq-w3jr

Affected version: <=5.1.1

Reported by:
GitHub
[MEDIUM] baserCMS Cross-site Scripting vulnerability in Site search Feature

PKSA-mwdp-p7zx-ctg9 CVE-2023-44379 GHSA-66c2-p8rh-qx87

Affected version: <5.0.9

Reported by:
GitHub
[MEDIUM] baserCMS OS command injection vulnerability in Installer

PKSA-8rh3-g94s-b7nm CVE-2023-51450 GHSA-77fc-4cv5-hmfr

Affected version: <5.0.9

Reported by:
GitHub
[MEDIUM] baserCMS Cross-site Scripting vulnerability in Content Management

PKSA-6q5n-gkcc-h3dr CVE-2024-26128 GHSA-jjxq-m8h3-4vw5

Affected version: <5.0.9

Reported by:
GitHub
[MEDIUM] baserCMS Code Injection Vulnerability in Mail Form Feature

PKSA-g6cz-p8yb-xrb8 CVE-2023-43792 GHSA-vrm6-c878-fpq6

Affected version: >=4.6.0,<=4.7.6

Reported by:
GitHub
[MEDIUM] baserCMS CSRF vulnerability in Content preview Feature

PKSA-nxwy-9p2v-qc9n CVE-2023-43649 GHSA-fw9x-cqjq-7jx5

Affected version: <4.8.0

Reported by:
GitHub
[MEDIUM] baserCMS Directory Traversal vulnerability in Form submission data management Feature

PKSA-22d5-943w-6dy7 CVE-2023-43648 GHSA-hmqj-gv2m-hq55

Affected version: <4.8.0

Reported by:
GitHub
[MEDIUM] baserCMS Cross-site Scripting vulnerability in File upload Feature

PKSA-bxhm-kd8v-fz1m CVE-2023-43647 GHSA-ggj4-78rm-6xgv

Affected version: <4.8.0

Reported by:
GitHub
[MEDIUM] baserCMS Cross-site Scripting Vulnerability in Favorites Feature

PKSA-fcwx-h4gs-44bz CVE-2023-29009 GHSA-8vqx-prq4-rqrq

Affected version: <4.8.0

Reported by:
GitHub
[CRITICAL] baserCMS allows any file to be uploaded

PKSA-986w-k86s-1jm5 CVE-2023-25655 GHSA-mfvg-qwcw-qvc8

Affected version: <4.7.5

Reported by:
GitHub
[CRITICAL] baserCMS File Uploader Remote Code Execution (RCE) vulnerability

PKSA-by4q-b96z-rq2t CVE-2023-25654 GHSA-h4cc-fxpp-pgw9

Affected version: <4.7.5

Reported by:
GitHub
[MEDIUM] baserCMS vulnerable to stored Cross-site Scripting

PKSA-rfzx-7pgr-3782 CVE-2022-41994 GHSA-vxwf-79ch-f7f7

Affected version: <4.7.2

Reported by:
GitHub
[MEDIUM] baserCMS vulnerable to stored Cross-site Scripting

PKSA-6fzq-jkcg-kvtm CVE-2022-42486 GHSA-7w2v-35j3-xrm9

Affected version: <4.7.2

Reported by:
GitHub
[MEDIUM] baserproject/basercms vulnerable to cross-site scripting (XSS) vulnerability

PKSA-bbz7-vqbc-jf2x CVE-2022-39325 GHSA-395x-wv32-44v5

Affected version: <=4.7.1

Reported by:
GitHub

baserproject/basercms Security Advisories for 4.6.1 (26)

[HIGH] baserCMS is Vulnerable to Cross-site Scripting

[HIGH] baserCMS Path Traversal Leads to Arbitrary File Write and RCE via Theme File API

[CRITICAL] baserCMS has OS command injection vulnerability in installer

[MEDIUM] baserCMS has a cross-site scripting vulnerability in blog posts

[MEDIUM] baserCMS has Mail Form Acceptance Bypass via Public API

[CRITICAL] baserCMS Update Functionality Vulnerable to OS Command Injection

[MEDIUM] baserCMS has an SQL injection vulnerability in its blog post functionality

[CRITICAL] baserCMS has OS Command Injection Leading to Remote Code Execution (RCE)

[HIGH] baserCMS has Unsafe File Upload Leading to Remote Code Execution (RCE)

[MEDIUM] baserCMS has a Cross-site Scripting (XSS) Vulnerability in Edit Email Form Settings Feature

[MEDIUM] baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature

[MEDIUM] baserCMS has a Cross-site Scripting (XSS) Vulnerability in HTTP 400 Bad Request

[MEDIUM] baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts and Contents list Feature

[MEDIUM] baserCMS Cross-site Scripting vulnerability in Site search Feature

[MEDIUM] baserCMS OS command injection vulnerability in Installer

[MEDIUM] baserCMS Cross-site Scripting vulnerability in Content Management

[MEDIUM] baserCMS Code Injection Vulnerability in Mail Form Feature

[MEDIUM] baserCMS CSRF vulnerability in Content preview Feature

[MEDIUM] baserCMS Directory Traversal vulnerability in Form submission data management Feature

[MEDIUM] baserCMS Cross-site Scripting vulnerability in File upload Feature

[MEDIUM] baserCMS Cross-site Scripting Vulnerability in Favorites Feature

[CRITICAL] baserCMS allows any file to be uploaded

[CRITICAL] baserCMS File Uploader Remote Code Execution (RCE) vulnerability

[MEDIUM] baserCMS vulnerable to stored Cross-site Scripting

[MEDIUM] baserCMS vulnerable to stored Cross-site Scripting

[MEDIUM] baserproject/basercms vulnerable to cross-site scripting (XSS) vulnerability