本頁列出影響 compo composr_cms 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2020-37237 | Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin credentials can inject XSS payloads in the Description field of the Add banner functionality, which execute for all website visitors when they access the home page. | [email protected] | 5.1 | 0.24% | 2026-05-16 | 2026-06-16 |
| CVE-2021-38709 | In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via the staff_messaging messaging system for XSS. | [email protected] | 6.1 | 0.58% | 2021-08-15 | 2026-06-17 |
| CVE-2021-38708 | In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via Comcode for XSS. | [email protected] | 5.4 | 0.47% | 2021-08-15 | 2026-06-17 |
| CVE-2018-6518 | Composr CMS 10.0.13 has XSS via the site_name parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php. | [email protected] | 4.8 | 0.80% | 2018-04-26 | 2026-06-16 |