GHSA-7mq6-cp5m-f4j5

Source

https://github.com/advisories/GHSA-7mq6-cp5m-f4j5

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-7mq6-cp5m-f4j5/GHSA-7mq6-cp5m-f4j5.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-7mq6-cp5m-f4j5

Aliases

CVE-2021-44116

Published

2022-01-05T14:54:36Z

Modified

2023-11-08T04:07:15.574758Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Cross-site Scripting in Anchor CMS

Details

Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious operations.

Database specific

{
    "nvd_published_at": "2021-12-15T22:15:00Z",
    "github_reviewed_at": "2022-01-04T20:59:44Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

Packagist / anchorcms/anchor-cms

Package

Name: anchorcms/anchor-cms
Purl: pkg:composer/anchorcms/anchor-cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

0.12.7

Affected versions

0.*

0.9

0.9.1

0.9.2

0.9.3-a

0.9.3-b

0.9.3

0.9.3.1-a

0.11

0.12

0.12.1

0.12.3a

0.12.3

0.12.6

0.12.7