1 results (0.001 seconds)

CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 2

Cross-site scripting (XSS) vulnerability in article.php in Anchor CMS 0.9.1, when comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Name field. NOTE: some sources have reported that comments.php is vulnerable, but certain functions from comments.php are used by article.php. Vulnerabilidad Cross-site scripting (XSS) en article.php en Anchor CMS v0.9.1, cuando los comentarios están habilitados, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del campo “Name”. NOTA: algunas fuentes han informado de que comments.php es vulnerable, pero determinadas funciones de comments.php son utilizados por article.php. • https://www.exploit-db.com/exploits/26958 http://www.exploit-db.com/exploits/26958 http://www.securityfocus.com/bid/61376 https://exchange.xforce.ibmcloud.com/vulnerabilities/85888 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •