CVE-2021-44116

Опубликовано: 15 дек. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious operations.

Ссылки

https://www.cnblogs.com/unrealnumb/p/15573449.html
Exploit
Third Party Advisory
https://www.cnblogs.com/unrealnumb/p/15573449.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:anchorcms:anchor_cms:*:*:*:*:*:*:*:*

Версия до 0.12.7 (включая)

EPSS

Процентиль: 47%

0.0024

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-7mq6-cp5m-f4j5