Vulnerabilities > Compo > Composr CMS > 10.0.13
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-16 | CVE-2021-38708 | Cross-site Scripting vulnerability in Compo Composr CMS In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via Comcode for XSS. | 3.5 |
| 2021-08-16 | CVE-2021-38709 | Cross-site Scripting vulnerability in Compo Composr CMS In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via the staff_messaging messaging system for XSS. | 4.3 |
| 2018-04-26 | CVE-2018-6518 | Cross-site Scripting vulnerability in Compo Composr CMS 10.0.13 Composr CMS 10.0.13 has XSS via the site_name parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php. | 3.5 |