CVE-2026-32734
DOM-Based XSS in baserCMS Tag Creation Before
Publication date: 2026-03-31
Last updated on: 2026-04-01
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| basercms | basercms | up to 5.2.3 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-32734 is a high-severity DOM-based cross-site scripting (XSS) vulnerability in baserCMS versions 5.2.2 and earlier. It occurs during tag creation in the Mail form and Blog tag packages, allowing an attacker to execute malicious JavaScript code.
The attack requires no privileges but does require user interaction and can be exploited remotely over the network.
This vulnerability affects the confidentiality, integrity, and availability of the system at a low level but causes a scope change, meaning it impacts components beyond its immediate security boundary.
The issue was fixed in baserCMS version 5.2.3.
How can this vulnerability impact me?
This vulnerability can allow an attacker to execute malicious JavaScript code remotely, which may lead to unauthorized actions within the affected baserCMS application. The impacts are:
- Compromise of confidentiality by exposing sensitive information.
- Integrity impact by allowing unauthorized modification of data.
- Availability impact by potentially disrupting normal operations.
Although these impacts are rated low individually, the vulnerability causes a scope change, meaning it can affect components beyond its immediate security boundary, increasing the overall risk.
Users are advised to update to baserCMS version 5.2.3 to mitigate this vulnerability.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update baserCMS to version 5.2.3 or later, where the issue has been patched.
This update addresses the DOM-based cross-site scripting vulnerability present in versions 5.2.2 and earlier, specifically in the Mail form and Blog tag packages.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability is a DOM-based cross-site scripting (XSS) issue that can lead to low-level impacts on confidentiality, integrity, and availability with a changed scope, meaning it affects components beyond its immediate security boundary.
Such vulnerabilities can potentially affect compliance with standards and regulations like GDPR and HIPAA because they may expose user data or allow unauthorized actions, thereby impacting data confidentiality and integrity requirements mandated by these regulations.
However, the provided information does not explicitly state the direct impact on compliance with these standards.