Tag
medium
advisory
baserCMS DOM-Based Cross-Site Scripting Vulnerability (CVE-2026-32734)
2 rules 1 TTP 1 CVEbaserCMS versions prior to 5.2.3 are vulnerable to DOM-based Cross-Site Scripting (XSS) due to improper neutralization of input during web page generation, potentially allowing a remote attacker to execute arbitrary JavaScript in a user's browser.
xss
vulnerability
basercms
2r
1t
1c
critical
advisory
baserCMS OS Command Injection Vulnerability (CVE-2026-30877)
2 rules 1 TTP 1 CVEbaserCMS prior to version 5.2.3 contains an OS command injection vulnerability in the update functionality, allowing authenticated administrators to execute arbitrary OS commands on the server.
basercms
command-injection
webserver
2r
1t
1c
critical
advisory
baserCMS Pre-Auth Arbitrary Code Execution via Zip Upload (CVE-2025-32957)
2 rules 6 TTPs 1 CVE 4 IOCsbaserCMS versions prior to 5.2.3 are vulnerable to arbitrary code execution via a crafted zip file upload through the restore function, leading to unauthenticated remote command execution on the webserver.
basercms
rce
cve-2025-32957
webserver
2r
6t
1c
4i