CVE-2021-39136
8.7 HIGH · baserCMS is an open source content management system with a focus on Japanese language support
Published: 2021-08-25 · Last updated: 2026-06-17
Severity and scoring
- CVSS: 8.7 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
- CWE: CWE-79
Affected products
| Vendor | Product |
|---|---|
| basercms | basercms |
Description
baserCMS is an open source content management system with a focus on Japanese language support. In affected versions there is a cross-site scripting vulnerability in the file upload function of the management system of baserCMS. Users are advised to update as soon as possible. No workarounds are available to mitigate this issue.
Source: NVD
References
- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2021-39136)
- [Other](http://jvn.jp/en/jp/JVN14134801/index.html)
- [Vendor advisory](https://basercms.net/security/JVN_14134801)
- [Patch](https://github.com/baserproject/basercms/commit/568d4cab5ba1cdee7bbf0133c676d02a98f6d7bc)
- [Other](https://github.com/baserproject/basercms/security/advisories/GHSA-hgjr-632x-qpp3)
Related CVEs
Same CWE
- CVE-2026-12425 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PowerSchool Employee Access ...
- CVE-2024-30476 — PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager (5.4 MEDIUM)
- CVE-2026-54198 — Unauthenticated Cross Site Scripting (XSS) in Media Library Assistant <= 3.35 versions (7.1 HIGH)
- CVE-2026-54191 — Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions (7.1 HIGH)
- CVE-2026-39437 — Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce <= 5.2.2 versions (7.1 HIGH)