CVE-2020-37237

MEDIUM 6.4

Composr CMS 10.0.34 Persistent Cross-Site Scripting via banners

CVSS Score

6.4

EPSS Score

0.0%

EPSS Percentile

0th

Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin credentials can inject XSS payloads in the Description field of the Add banner functionality, which execute for all website visitors when they access the home page.

CWE	CWE-79
Vendor	compo
Product	composr cms
Published	May 16, 2026

Stay Ahead of the Next One

Get instant alerts for compo composr cms

Be the first to know when new medium vulnerabilities affecting compo composr cms are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

None

Affected Versions

Compo / Composr CMS

10.0.34

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/49190 compo.sr: https://compo.sr/ compo.sr: https://compo.sr/download.htm vulncheck.com: https://www.vulncheck.com/advisories/composr-cms-persistent-cross-site-scripting-via-banners

Credits

Parshwa Bhavsar