CVE-2026-32734 — Cross-site Scripting in Basercms

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.0%

top 90.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Baserproject Basercms Basercms

Timeline

PublishedMar 31

Description

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has DOM-based cross-site scripting in tag creation. This issue has been patched in version 5.2.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶NVDbasercms/basercms< 5.2.3

▶CVEListV5baserproject/basercms< 5.2.3

▶Packagistbaserproject/basercms< 5.2.3

🔴Vulnerability Details

GHSA

baserCMS is Vulnerable to Cross-site Scripting↗2026-03-31

▶

OSV

baserCMS is Vulnerable to Cross-site Scripting↗2026-03-31

▶

🕵️Threat Intelligence

Wiz

CVE-2026-32734 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶