Description
Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious operations.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2022-0502 | Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious operations. |
Github GHSA |
GHSA-7mq6-cp5m-f4j5 | Cross-site Scripting in Anchor CMS |
References
| Link | Providers |
|---|---|
| https://www.cnblogs.com/unrealnumb/p/15573449.html |
|
History
No history.
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-04T04:10:17.295Z
Reserved: 2021-11-22T00:00:00.000Z
Link: CVE-2021-44116
No data.
Status : Modified
Published: 2021-12-15T22:15:07.250
Modified: 2026-06-17T04:11:54.970
Link: CVE-2021-44116
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
EUVD
Github GHSA