Unknown · Anchor CMS · CVE-2021-44116
Name of the Vulnerable Software and Affected Versions:
Anchor CMS versions prior to 0.12.7
Description:
A cross-site scripting (XSS) issue exists that allows attackers to upload malicious code in the title and content of posts. The injected code can be used to obtain administrator cookies and perform other malicious operations.
Recommendations:
Update to version 0.12.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the posts.php file to minimize the risk of exploitation, and avoid using the posts column to upload unvalidated user input until the issue is resolved.