MEDIUM SeverityCVSS 4.05.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

CVE-2020-37237

Last updated May 16, 2026 · Published May 16, 2026

Description

Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin credentials can inject XSS payloads in the Description field of the Add banner functionality, which execute for all website visitors when they access the home page.

Affected products

1 listed

Compo:Composr CMS

Mappings

CWE

CWE-79

CAPEC

None listed.

Research

Cross-Site Scripting (XSS)Covers reflected, stored, and DOM based XSS risks and why they remain high impact. Provides prevention…

Training

XSS in React, Vue and Server ComponentsCross-site scripting in modern component frameworks and how to prevent it.

CVE-2020-37237

Description

Affected products

Mappings

Related