Identifier | Related Record | Severity | Date Published | Description | Versions Affected |
---|---|---|---|---|---|
CVE-2021-46360 | | High | Feb 09, 2022 | Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shel... | 10.0.35, 10.0.29, 10.0.37, 10.0.32, 10.0.33, 10.0.31, 10.0.28, 10.0, 10.0.36, 10.0.34 |
CVE-2021-38709 | | Medium | Aug 16, 2021 | In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via the staff_messaging messaging system for XSS. | 10.0.35, 10.0.29, 10.0.37, 10.0.32, 10.0.33, 10.0.31, 10.0.28, 10.0.36, 10.0.34, 10.0.30 |
CVE-2021-38708 | | Medium | Aug 16, 2021 | In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via Comcode for XSS. | 10.0.35, 10.0.29, 10.0.37, 10.0.32, 10.0.33, 10.0.31, 10.0.28, 10.0.36, 10.0.34, 10.0.30 |
BDSA-2021-0929 | | High | Apr 14, 2021 | Composr CMS is vulnerable to a remote code execution (RCE) issue due to how the 'Galleries' functionality does not sufficiently prevent the upload of b... | |
BDSA-2021-0910 | | High | Apr 12, 2021 | Composr Content Management System (CMS) is vulnerable to cross-site scripting (XSS) due to a lack of sanitization of user-supplied input. An attacker c... | |