Skip to main content

Composr Cms

4 CVEs product

Monthly

CVE-2020-37237 MEDIUM POC This Month

Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Composr Cms
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2021-38709 MEDIUM This Month

In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via the staff_messaging messaging system for XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Composr Cms
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-38708 MEDIUM This Month

In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via Comcode for XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Composr Cms
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2018-6518 MEDIUM POC This Month

Composr CMS 10.0.13 has XSS via the site_name parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Composr Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.8%
EPSS 0% CVSS 5.1
MEDIUM POC This Month

Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Composr Cms
NVD Exploit-DB
EPSS 1% CVSS 6.1
MEDIUM This Month

In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via the staff_messaging messaging system for XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Composr Cms
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via Comcode for XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Composr Cms
NVD
EPSS 1% CVSS 4.8
MEDIUM POC This Month

Composr CMS 10.0.13 has XSS via the site_name parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Composr Cms
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy