2021-08-16 02:39:55
mitre
PUBLISHED
In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via the staff_messaging messaging system for XSS.