
50 matches found

Cvelist
added 2026/05/16 3:25 p.m. · 33 views

CVE-2020-37237 Composr CMS 10.0.34 Persistent Cross-Site Scripting via banners

Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin credentials can inject XSS payloads in the Description field of the Add banner...

CVSS 6.4 · EPSS 0.00034
Exploits: 0 · References: 4

CVE
added 2026/05/16 3:25 p.m. · 9 views

CVE-2020-37237

Summary : CVE-2020-37237 affects Composr CMS 10.0.34. A persistent cross-site scripting (XSS) flaw exists in the banner management interface, enabling authenticated administrators to inject scripts via the Description field in Add banner. Payloads executed for all visitors when they access the ho...

CVSS 6.4 · AI score 5.7 · EPSS 0.00034
Exploits: 0 · References: 4

Vulnrichment
added 2026/05/16 3:25 p.m. · 6 views

CVE-2020-37237 Composr CMS 10.0.34 Persistent Cross-Site Scripting via banners

Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin credentials can inject XSS payloads in the Description field of the Add banner...

CVSS 6.4 · AI score 5.7 · EPSS 0.00034
Exploits: 0 · References: 4

EUVD
added 2026/05/16 3:25 p.m. · 6 views

EUVD-2020-31241

Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin credentials can inject XSS payloads in the Description field of the Add banner...

CVSS 6.4 · AI score 5.7 · EPSS 0.00034
Exploits: 0 · References: 4

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2021-25147

Malware in sbrugna...

CVSS 6.1 · AI score 6.3 · EPSS 0.00317
Exploits: 0 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2018-18273

Malware in sbrugna...

CVSS 4.8 · AI score 5.1 · EPSS 0.00287
Exploits: 1 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2021-25146

Malware in sbrugna...

CVSS 5.4 · AI score 5.6 · EPSS 0.00302
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2021-33048

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.4 · EPSS 0.04222
Exploits: 4 · References: 2

RedhatCVE
added 2025/05/22 8:10 p.m. · 2 views

CVE-2021-38709

In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via the staffmessaging messaging system for XSS...

CVSS 6.1 · AI score 7 · EPSS 0.00317
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 7:19 p.m. · 3 views

CVE-2021-38708

In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via Comcode for XSS...

CVSS 5.4 · AI score 7 · EPSS 0.00302
Exploits: 0 · References: 1

0day.today
added 2023/03/27 12:0 a.m. · 223 views

Composr CMS Version <=10.0.39 - Authenticated Remote Code Execution Exploit

Exploit Title: Composr-CMS Version Commandr !/usr/bin/python3 import requests from bs4 import BeautifulSoup import time cookies = 'hascookies': '1', 'PHPSESSID': 'ddf2e7c8ff1000a7c27b132b003e1f5c', You need to change this as it is dynamic 'commandrdir': 'L3Jhdy91cGxvYWRzL2ZpbGVkdW1wLw%3D%3D',...

CVSS 8.8 · AI score 8.7 · EPSS 0.04222
Exploits: 4

Packet Storm
added 2023/03/27 12:0 a.m. · 201 views

Composr-CMS 10.0.39 Remote Code Execution

Exploit Title: Composr-CMS Version Commandr !/usr/bin/python3 import requests from bs4 import BeautifulSoup import time cookies = 'hascookies': '1', 'PHPSESSID': 'ddf2e7c8ff1000a7c27b132b003e1f5c', You need to change this as it is dynamic 'commandrdir': 'L3Jhdy91cGxvYWRzL2ZpbGVkdW1wLw%3D%3D',...

CVSS 8.8 · AI score 8.8 · EPSS 0.04222
Exploits: 4

Exploit DB
added 2023/03/25 12:0 a.m. · 203 views

Composr-CMS Version <=10.0.39 - Authenticated Remote Code Execution

Exploit Title: Composr-CMS Version Commandr !/usr/bin/python3 import requests from bs4 import BeautifulSoup import time cookies = 'hascookies': '1', 'PHPSESSID': 'ddf2e7c8ff1000a7c27b132b003e1f5c', You need to change this as it is dynamic 'commandrdir': 'L3Jhdy91cGxvYWRzL2ZpbGVkdW1wLw%3D%3D',...

CVSS 8.8 · AI score 8.9 · EPSS 0.04222
Exploits: 4

OSV
added 2022/02/09 2:15 p.m. · 18 views

CVE-2021-46360

Authenticated remote code execution RCE in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-commandr...

CVSS 8.8 · AI score 8.6
Exploits: 0 · References: 2

NVD
added 2022/02/09 2:15 p.m. · 9 views

CVE-2021-46360

Authenticated remote code execution RCE in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-commandr...

CVSS 8.8 · EPSS 0.04222
Exploits: 4 · References: 2

Prion
added 2022/02/09 2:15 p.m. · 11 views

Remote code execution

Authenticated remote code execution RCE in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-commandr...

CVSS 6.5 · AI score 9.2 · EPSS 0.04222
Exploits: 4 · References: 2 · Affected Software: 1

Cvelist
added 2022/02/09 12:0 a.m. · 14 views

CVE-2021-46360

Authenticated remote code execution RCE in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-commandr...

AI score 9.4 · EPSS 0.04222
Exploits: 4 · References: 2

CVE
added 2022/02/09 12:0 a.m. · 88 views

CVE-2021-46360

Composr-CMS 10.0.39 and earlier is affected by an authenticated remote code execution vulnerability. The issue allows an authenticated attacker to upload a PHP shell via /adminzone/index.php?page=admin-commandr, enabling arbitrary code execution on the server. Public exploit references exist (e.g...

CVSS 8.8 · AI score 9.2 · EPSS 0.04222
Exploits: 4 · References: 2 · Affected Software: 1

Positive Technologies
added 2022/02/09 12:0 a.m. · 2 views

PT-2022-12668 · Unknown · Composr Cms

Name of the Vulnerable Software and Affected Versions: Composr-CMS versions 10.0.39 and earlier Description: The issue allows remote attackers to execute arbitrary code via uploading a PHP shell through the "/adminzone/index.php?page=admin-commandr" API endpoint. This enables attackers to perform...

CVSS 8.8 · AI score 9 · EPSS 0.04222
Exploits: 4 · References: 7

NVD
added 2021/08/16 3:15 a.m. · 7 views

CVE-2021-38709

In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via the staffmessaging messaging system for XSS...

CVSS 6.1 · EPSS 0.00317
Exploits: 0 · References: 1