2 matches found
CVE-2021-38709
The CVE concerns ocProducts Composr CMS prior to 10.0.38, where the staff_messaging system allows JavaScript injection, enabling XSS. Root cause: inadequate input handling in the staff_messaging pathway leading to script injection. Impact (per sources): attacker-supplied script execution in the c...
CVE-2021-38708
CVE-2021-38708 affects ocProducts Composr CMS prior to 10.0.38. An attacker can trigger a JavaScript injection via Comcode, resulting in a cross-site scripting (XSS) vulnerability. The root cause is improper handling of Comcode input allowing injected script. Documents consistently describe this ...