Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious operations.
CPE | Name | Operator | Version |
---|---|---|---|
anchor-cms | eq | 0.8.2 | |
anchor-cms | eq | 0.9.1 | |
anchor-cms | eq | 0.12.1 | |
anchor-cms | eq | 0.12 | |
anchor-cms | eq | 0.9.3-b | |
anchor-cms | eq | 0.4 | |
anchor-cms | eq | 0.9 | |
anchor-cms | eq | 0.12.3 | |
anchor-cms | eq | 0.5 | |
anchor-cms | eq | 0.9.3-a |