Описание
Cross-site Scripting in Anchor CMS
Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious operations.
Пакеты
Наименование
anchorcms/anchor-cms
composer
Затронутые версииВерсия исправления
<= 0.12.7
Отсутствует
Связанные уязвимости
CVSS3: 6.1
nvd
около 4 лет назад
Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious operations.