Composr CMS 10.0.13 has XSS via the site_name parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php.
4.8CVSS
4.8AI Score
0.001EPSS
In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via Comcode for XSS.
5.4CVSS
5.5AI Score
0.001EPSS
In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via the staff_messaging messaging system for XSS.
6.1CVSS
6.3AI Score
0.001EPSS