CVE-2026-32734
DOM-Based XSS in baserCMS Tag Creation Before

Publication date: 2026-03-31

Last updated on: 2026-04-01

Assigner: GitHub, Inc.

Description
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has DOM-based cross-site scripting in tag creation. This issue has been patched in version 5.2.3.
Meta Information
Published: 2026-03-31
Last Modified: 2026-04-01
Generated: 2026-06-16
AI Q&A: 2026-03-31
EPSS Evaluated: 2026-06-15

Affected Vendors & Products
Showing 1 associated CPE
Vendor: basercms
Product: basercms
Version / Range: up to 5.2.3 (exclusive)
CWE
CWE ID: CWE-79
Description: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Executive Summary

CVE-2026-32734 is a high-severity DOM-based cross-site scripting (XSS) vulnerability in baserCMS versions 5.2.2 and earlier. It occurs during tag creation in the Mail form and Blog tag packages, allowing an attacker to execute malicious JavaScript code.

The attack requires no privileges but does require user interaction and can be exploited remotely over the network.

This vulnerability affects the confidentiality, integrity, and availability of the system at a low level but causes a scope change, meaning it impacts components beyond its immediate security boundary.

The issue was fixed in baserCMS version 5.2.3.

Impact Analysis

This vulnerability can allow an attacker to execute malicious JavaScript code remotely, which may lead to unauthorized actions within the affected baserCMS application.

  • Compromise of confidentiality by exposing sensitive information.
  • Integrity impact by allowing unauthorized modification of data.
  • Availability impact by potentially disrupting normal operations.

Although these impacts are rated low individually, the vulnerability causes a scope change, meaning it can affect components beyond its immediate security boundary, increasing the overall risk.

Users are advised to update to baserCMS version 5.2.3 to mitigate this vulnerability.

Mitigation Strategies

The immediate step to mitigate this vulnerability is to update baserCMS to version 5.2.3 or later, where the issue has been patched.

This update addresses the DOM-based cross-site scripting vulnerability present in versions 5.2.2 and earlier, specifically in the Mail form and Blog tag packages.

Compliance Impact

The vulnerability is a DOM-based cross-site scripting (XSS) issue that can lead to low-level impacts on confidentiality, integrity, and availability with a changed scope, meaning it affects components beyond its immediate security boundary.

Such vulnerabilities can potentially affect compliance with standards and regulations like GDPR and HIPAA because they may expose user data or allow unauthorized actions, thereby impacting data confidentiality and integrity requirements mandated by these regulations.

However, the provided information does not explicitly state the direct impact on compliance with these standards.
