CVE-2021-44116

Name of the Vulnerable Software and Affected Versions: Anchor CMS versions prior to 0.12.7

Description: A Cross Site Scripting (XSS) issue exists, allowing attackers to upload malicious code in the title and content of posts to obtain administrator cookies and perform other malicious operations.

Recommendations: For versions prior to 0.12.7, update to version 0.12.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the posts.php file to minimize the risk of exploitation. Avoid using the posts column to upload unvalidated user input until the issue is resolved.