anchorcms/anchor-cms is vulnerable to cross-site scripting (XSS) attacks. The library does not properly sanitize the posts column in ‘posts.php’, allowing an attacker to upload the title and content which contains malicious code to obtain admin cookie to get the admin access.
CPE | Name | Operator | Version |
---|---|---|---|
anchorcms/anchor-cms | le | 0.12.7 | |
anchorcms/anchor-cms | le | 0.12.7 |