VYPR

Composr CMS

by Composr

CVEs (6)

  • CVE-2021-30149CriApr 6, 2021
    risk 0.68cvss 9.8epss 0.10

    Composr 10.0.36 allows upload and execution of PHP files.

  • CVE-2021-46360HigFeb 9, 2022
    risk 0.61cvss 8.8epss 0.09

    Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-commandr.

  • CVE-2021-30150MedApr 6, 2021
    risk 0.43cvss 6.1epss 0.03

    Composr 10.0.36 allows XSS in an XML script.

  • CVE-2020-37237MedMay 16, 2026
    risk 0.42cvss 6.4epss 0.00

    Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin credentials can inject XSS payloads in the Description field of the Add…

  • CVE-2020-8789MedMay 22, 2020
    risk 0.35cvss 5.4epss 0.01

    Composr 10.0.30 allows Persistent XSS via a Usergroup name under the Security configuration.

  • CVE-2018-6518MedApr 26, 2018
    risk 0.31cvss 4.8epss 0.01

    Composr CMS 10.0.13 has XSS via the site_name parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php.