{"id":"CVE-2021-30150","details":"Composr 10.0.36 allows XSS in an XML script.","modified":"2026-03-14T10:57:48.750035Z","published":"2021-04-06T06:15:15.483Z","references":[{"type":"FIX","url":"https://gitlab.com/composr-foundation/composr/commit/833a06466"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/162111/Composr-CMS-10.0.36-Cross-Site-Scripting.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/composr-foundation/composr","events":[{"introduced":"0"},{"last_affected":"c20126f653e77cb9d38ac426ece0b52e99f43ca8"},{"fixed":"833a06466"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"10.0.36"}]}}],"versions":["10","10.0.1","10.0.10","10.0.11","10.0.12","10.0.13","10.0.14","10.0.15","10.0.16","10.0.17","10.0.18","10.0.19","10.0.2","10.0.20","10.0.21","10.0.22","10.0.23","10.0.24","10.0.25","10.0.26","10.0.27","10.0.28","10.0.29","10.0.3","10.0.30","10.0.31","10.0.32","10.0.33","10.0.34","10.0.35","10.0.36","10.0.4","10.0.5","10.0.6","10.0.7","10.0.8","10.0.9","10.RC1","10.RC10","10.RC11","10.RC12","10.RC13","10.RC14","10.RC15","10.RC16","10.RC17","10.RC18","10.RC19","10.RC2","10.RC20","10.RC21","10.RC22","10.RC23","10.RC24","10.RC25","10.RC27","10.RC28","10.RC29","10.RC3","10.RC3-2","10.RC30","10.RC31","10.RC32","10.RC33","10.RC4","10.RC5","10.RC7","10.RC8","10.RC9","10.beta2","10.beta3","10.beta4","10.beta5","10beta1","beta1_rerelease"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-30150.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}