Lucene search
Veracode Vulnerability DatabaseVERACODE:33360HistoryDec 16, 2021 - 6:00 a.m.
Cross-Site Scripting (XSS)
2021-12-1606:00:40
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
0.001 Low
EPSS
Percentile
34.0%
anchorcms/anchor-cms is vulnerable to cross-site scripting (XSS) attacks. The library does not properly sanitize the posts column in ‘posts.php’, allowing an attacker to upload the title and content which contains malicious code to obtain admin cookie to get the admin access.
| CPE | Name | Operator | Version |
|---|---|---|---|
| anchorcms/anchor-cms | le | 0.12.7 | |
| anchorcms/anchor-cms | le | 0.12.7 |
Related
cve
cve
CVE-2021-44116
2021-12-15 22:15:07
cnvd
cnvd
Anchor Cross-Site Scripting Vulnerability (CNVD-2021-103514)
2021-12-17 00:00:00
osv
osv
CVE-2021-44116
2021-12-15 22:15:07
Cross-site Scripting in Anchor CMS
2022-01-05 14:54:36
prion
prion
Cross site scripting
2021-12-15 22:15:00
gitlab
gitlab
cvelist
cvelist
CVE-2021-44116
2021-12-15 22:00:46
github
github
Cross-site Scripting in Anchor CMS
2022-01-05 14:54:36
nvd
nvd
CVE-2021-44116
2021-12-15 22:15:07