Описание
Cross-site scripting (XSS) vulnerability in article.php in Anchor CMS 0.9.1, when comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Name field. NOTE: some sources have reported that comments.php is vulnerable, but certain functions from comments.php are used by article.php.
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:anchor:anchor_cms:0.9.1:*:*:*:*:*:*:*
EPSS
Процентиль: 86%
0.02811
Низкий
2.6 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
Cross-site scripting (XSS) vulnerability in article.php in Anchor CMS 0.9.1, when comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Name field. NOTE: some sources have reported that comments.php is vulnerable, but certain functions from comments.php are used by article.php.
EPSS
Процентиль: 86%
0.02811
Низкий
2.6 Low
CVSS2
Дефекты
CWE-79