Information from baserCMS Users Community
Vulnerability ID: JVN#20837860
Title: Multiple vulnerabilities in baserCMS
Status: Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
baserCMS has multiple vulnerabilities including XSS.
If you are affected by this issue, please update to the new version as soon as possible.
### Target
baserCMS 5.2.2 and earlier versions
### Vulnerability
If these vulnerabilities are exploited, arbitrary scripts may be executed.
1. CVE-2026-30879: XSS in blog post editing
2. CVE-2026-27697: SQL injection in blog post list
3. CVE-2026-30880: OS command injection in installer
4. CVE-2026-32734: XSS in blog post editing, XSS in tag creation
Items 1 and 4 are vulnerabilities that need to be addressed only if the management screen is used by an unspecified number of users.
### Countermeasures
Update to the latest version of baserCMS.
Please refer to the following page for more information.
https://basercms.net/security/JVN_20837860
### Credits
- Gai Tanaka@Mitsui Bussan Secure Directions, Inc.
- Mirai Matsumoto@Future Secure Wave, Inc.
- REN XINGDIAN
- quanlna2 (Le Nguyen Anh Quan)
- namdi (Do Ich Nam)
- minhnn42 (Nguyen Ngoc Minh)
- VCSLab - Viettel Cyber Security
