CVE-2021-44116 – anchorcms/anchor-cms
Package
Manager: composer
Name: anchorcms/anchor-cms
Vulnerable Version: >=0 <=0.12.7
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.0024 (percentile: 0.47196)
Details
Cross-site Scripting in Anchor CMS
A Cross Site Scripting (XSS) vulnerability exists in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload a title and content containing malicious code in order to obtain the administrator cookie, and thereby carry out other malicious operations.
Metadata
Created: 2022-01-05T14:54:36Z
Modified: 2022-01-04T20:59:44Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-7mq6-cp5m-f4j5/GHSA-7mq6-cp5m-f4j5.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-7mq6-cp5m-f4j5
Finding: F425
Auto approve: 1