← back
CVE-2020-37237

Composr CMS 10.0.34 Persistent Cross-Site Scripting via banners

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79
Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin credentials can inject XSS payloads in the Description field of the Add banner functionality, which execute for all website visitors when they access the home page.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Affected products
Compo · Composr CMS
public PoCs found1
cve_referencewww.exploit-db.com/exploits/49190unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://compo.sr/https://compo.sr/download.htmhttps://www.exploit-db.com/exploits/49190https://www.vulncheck.com/advisories/composr-cms-persistent-cross-site-scripting-via-banners