baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components is toolbar.php. The issue is fixed in version 4.3.7.
https://github.com/baserproject/basercms/security/advisories/GHSA-4r3m-j6x5-48m3
https://github.com/baserproject/basercms/commit/94cbfab74c9fd6d04492597a1a684674c3c0e30f
https://basercms.net/security/20200827
Source: Mitre, NVD
Published: 2020-08-28
Updated: 2026-06-17
Base Score: 2.1
Vector: CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N
Severity: Low
Base Score: 7.3
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
Severity: High
EPSS: 0.00868