CVE-2021-44116

MEDIUM6.1EPSS 0.24%

Cross-site Scripting in Anchor CMS

發布日:2022/1/5修改日:2023/11/8

描述

Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious operations.

受影響套件(1)

Packagist/anchorcms/anchor-cmsfrom 0, <= 0.12.7

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-44116
PATCHhttps://github.com/anchorcms/anchor-cms
WEBhttps://www.cnblogs.com/unrealnumb/p/15573449.html