← volver
CVE-2020-37237

Composr CMS 10.0.34 Persistent Cross-Site Scripting via banners

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79
Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin credentials can inject XSS payloads in the Description field of the Add banner functionality, which execute for all website visitors when they access the home page.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Productos afectados
Compo · Composr CMS
PoCs públicas encontradas1
cve_referencewww.exploit-db.com/exploits/49190no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://compo.sr/https://compo.sr/download.htmhttps://www.exploit-db.com/exploits/49190https://www.vulncheck.com/advisories/composr-cms-persistent-cross-site-scripting-via-banners