CVE-2026-30879 — Cross-site Scripting in Basercms

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.9MEDIUMNVD

EPSS

0.0%

top 90.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Baserproject Basercms Basercms

Timeline

PublishedMar 31

Description

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a cross-site scripting vulnerability in blog posts. This issue has been patched in version 5.2.3.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages3 packages

▶NVDbasercms/basercms< 5.2.3

▶CVEListV5baserproject/basercms< 5.2.3

▶Packagistbaserproject/basercms< 5.2.3

🔴Vulnerability Details

OSV

baserCMS has a cross-site scripting vulnerability in blog posts↗2026-03-31

▶

GHSA

baserCMS has a cross-site scripting vulnerability in blog posts↗2026-03-31

▶

🕵️Threat Intelligence

Wiz

CVE-2026-30879 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶