本ページは compo composr_cms に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2020-37237 | Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin credentials can inject XSS payloads in the Description field of the Add banner functionality, which execute for all website visitors when they access the home page. | [email protected] | 5.1 | 0.24% | 2026-05-16 | 2026-06-16 |
| CVE-2021-38709 | In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via the staff_messaging messaging system for XSS. | [email protected] | 6.1 | 0.58% | 2021-08-15 | 2026-06-17 |
| CVE-2021-38708 | In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via Comcode for XSS. | [email protected] | 5.4 | 0.47% | 2021-08-15 | 2026-06-17 |
| CVE-2018-6518 | Composr CMS 10.0.13 has XSS via the site_name parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php. | [email protected] | 4.8 | 0.80% | 2018-04-26 | 2026-06-16 |