Composr CMS
by Composr
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-30149 | Cri | 0.68 | 9.8 | 0.10 | Apr 6, 2021 | Composr 10.0.36 allows upload and execution of PHP files. | ||
| CVE-2021-46360 | Hig | 0.61 | 8.8 | 0.09 | Feb 9, 2022 | Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-commandr. | ||
| CVE-2021-30150 | Med | 0.43 | 6.1 | 0.03 | Apr 6, 2021 | Composr 10.0.36 allows XSS in an XML script. | ||
| CVE-2020-37237 | Med | 0.42 | 6.4 | 0.00 | May 16, 2026 | Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin credentials can inject XSS payloads in the Description field of the Add… | ||
| CVE-2020-8789 | Med | 0.35 | 5.4 | 0.01 | May 22, 2020 | Composr 10.0.30 allows Persistent XSS via a Usergroup name under the Security configuration. | ||
| CVE-2018-6518 | Med | 0.31 | 4.8 | 0.01 | Apr 26, 2018 | Composr CMS 10.0.13 has XSS via the site_name parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php. |
- risk 0.68cvss 9.8epss 0.10
Composr 10.0.36 allows upload and execution of PHP files.
- risk 0.61cvss 8.8epss 0.09
Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-commandr.
- risk 0.43cvss 6.1epss 0.03
Composr 10.0.36 allows XSS in an XML script.
- risk 0.42cvss 6.4epss 0.00
Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin credentials can inject XSS payloads in the Description field of the Add…
- risk 0.35cvss 5.4epss 0.01
Composr 10.0.30 allows Persistent XSS via a Usergroup name under the Security configuration.
- risk 0.31cvss 4.8epss 0.01
Composr CMS 10.0.13 has XSS via the site_name parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php.