anchorcms/anchor-cms is vulnerable to cross-site scripting (XSS). A user with a privilege to login as administrator is allowed to post arbitrary script via the post creation feature which will execute in a user’s browser when visited.
CPE | Name | Operator | Version |
---|---|---|---|
anchorcms/anchor-cms | le | 0.12.7 |