compo composr_cms CVE Vulnerabilities (4)

CVEs: 4 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting compo composr_cms (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 14 of 4 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2020-37237 Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin credentials can inject XSS payloads in the Description field of the Add banner functionality, which execute for all website visitors when they access the home page. [email protected] 5.1 0.24% 2026-05-16 2026-06-16
CVE-2021-38709 In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via the staff_messaging messaging system for XSS. [email protected] 6.1 0.58% 2021-08-15 2026-06-17
CVE-2021-38708 In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via Comcode for XSS. [email protected] 5.4 0.47% 2021-08-15 2026-06-17
CVE-2018-6518 Composr CMS 10.0.13 has XSS via the site_name parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php. [email protected] 4.8 0.80% 2018-04-26 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence