What is Composr CMS?
Composr is a very flexible CMS with advanced social, interactive and dynamic functionality.
Hundreds of features are available out of the box, as well as building blocks, and further addons (think multi-channel content delivery).
Composr is embraced by Fortune-100 companies, government agencies, and small startups. We make all the best ideas available to everyone.
- Huge integrated feature-set
- Enthusiastic community
- No licensing costs
- HTML5, CSS3, WCAG
Composr uses SVG for rendering out stats graphs. When stats are viewed in the Admin Zone, Composr will generate the .xml files onto disk, and then embed those files. However, the URLs to the files are predictable and not access-protected.
This is a low-risk vulnerability. While illicit access to stats graphs is not acceptable, there are no wider known repercussions and similar data may be available via third-party tools anyway (such as Alexa).
On IIS, hackers may directly access the URLs to various on-disk files, because the protection that is built in for Apache users is lacking for IIS users.
Such files include the raw source code of pages, raw templates, and raw language files.
This is a low-to-medium risk vulnerability. The majority of users are not hiding privileged content with guessable page names in Comcode pages, but for those that are, this is a concern. Access to raw templates and language files would rarely be a concern.
10.0.28 released. Read the full article for more information, including upgrade information.
A number of development practices have been overhauled around how development work is messaged. This is to improve communication to Composr users and also within the development team.