This page lists publicly disclosed CVE vulnerabilities affecting compo composr_cms (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2020-37237 | Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin credentials can inject XSS payloads in the Description field of the Add banner functionality, which execute for all website visitors when they access the home page. | [email protected] | 5.1 | 0.24% | 2026-05-16 | 2026-06-16 |
| CVE-2021-38709 | In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via the staff_messaging messaging system for XSS. | [email protected] | 6.1 | 0.58% | 2021-08-15 | 2026-06-17 |
| CVE-2021-38708 | In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via Comcode for XSS. | [email protected] | 5.4 | 0.47% | 2021-08-15 | 2026-06-17 |
| CVE-2018-6518 | Composr CMS 10.0.13 has XSS via the site_name parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php. | [email protected] | 4.8 | 0.80% | 2018-04-26 | 2026-06-16 |