PT-2020-13024 · Anchor · Anchor
Secgus · Published 2020-04-23 · Updated 2020-04-27
CVE-2020-12071
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Anchor version 0.12.7
Description
The issue allows admins to cause cross-site scripting (XSS) via crafted post content.
Recommendations
For Anchor version 0.12.7, consider restricting the ability of admins to post crafted content until a fix is available. As a temporary workaround, avoid using the vulnerable post content feature to minimize the risk of exploitation.
Exploit
Fix
XSS
Affected Products
Anchor