3 matches found
CVE-2021-38709
The CVE concerns ocProducts Composr CMS prior to 10.0.38, where the staff_messaging system allows JavaScript injection, enabling XSS. Root cause: inadequate input handling in the staff_messaging pathway leading to script injection. Impact (per sources): attacker-supplied script execution in the c...
CVE-2021-38708
CVE-2021-38708 affects ocProducts Composr CMS prior to 10.0.38. An attacker can trigger a JavaScript injection via Comcode, resulting in a cross-site scripting (XSS) vulnerability. The root cause is improper handling of Comcode input allowing injected script. Documents consistently describe this ...
CVE-2018-6518
Composr CMS 10.0.13 is affected by a Cross‑Site Scripting (XSS) vulnerability. The issue is triggered via the site_name parameter in a request to /adminzone/index.php with page=admin-setupwizard&type=step3, indicating inadequate input sanitization in that path. Publicly available connected docume...