CVE-2021-44116

MEDIUM6.1EPSS 0.24%

Cross-site Scripting in Anchor CMS

Published: 1/5/2022Modified: 11/8/2023

Description

Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious operations.

Affected packages (1)

Packagist/anchorcms/anchor-cmsfrom 0, <= 0.12.7

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-44116
PATCHhttps://github.com/anchorcms/anchor-cms
WEBhttps://www.cnblogs.com/unrealnumb/p/15573449.html