CVE-2020-37237

MEDIUM

Composr CMS 10.0.34 Persistent Cross-Site Scripting via banners

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37237. PoCs published by Parshwa Bhavsar.

AI-analyzed exploit summary: This is a technical writeup describing a persistent XSS vulnerability in Composr CMS 10.0.34. The vulnerability allows an attacker to inject malicious JavaScript into the 'Description' field of a banner, which executes when users visit the website.

Description

Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin credentials can inject XSS payloads in the Description field of the Add banner functionality, which execute for all website visitors when they access the home page.

Exploits (1)

exploitdb WRITEUP
by Parshwa Bhavsar · text · webapps · php
https://www.exploit-db.com/exploits/49190

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Composr CMS 10.0.34
Auth required
Prerequisites: admin credentials · access to the CMS admin panel
devstral-2 · analyzed May 16, 2026

References (4)

Core References
Exploit: ExploitDB-49190
https://www.exploit-db.com/exploits/49190
Product: Official Product Homepage
https://compo.sr/
Product: Product Reference
https://compo.sr/download.htm
Third Party Advisory: VulnCheck Advisory: Composr CMS 10.0.34 Persistent Cross-Site Scripting via banners
https://www.vulncheck.com/advisories/composr-cms-persistent-cross-site-scripting-via-banners

Scores

CVSS v3 6.4
EPSS 0.0024
EPSS Percentile 14.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE: CWE-79
Status: published
Products (1)
Compo/Composr CMS 10.0.34
Published May 16, 2026
Tracked Since May 16, 2026