CVE-2021-44116

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-44116

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-44116.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-44116

Aliases

GHSA-7mq6-cp5m-f4j5

Published

2021-12-15T22:15:07Z

Modified

2024-09-03T03:57:26.975492Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious operations.

References

https://www.cnblogs.com/unrealnumb/p/15573449.html

Affected packages

Git / github.com/anchorcms/anchor-cms

Affected ranges

Type: GIT
Repo: https://github.com/anchorcms/anchor-cms
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

08e8e507909ee55b588674563b8ea21646ed9425

Affected versions

0.*

0.11

0.12

0.12.1

0.12.3

0.12.3a

0.12.6

0.12.7

0.4

0.5

0.6

0.7

0.7.2

0.8

0.8.1

0.8.2

0.9

0.9.1

0.9.2

0.9.3

0.9.3-a

0.9.3-b

0.9.3.1-a