CVE-2021-44116
https://notcve.org/view.php?id=CVE-2021-44116
A cross-site scripting (XSS) vulnerability exists in posts.php in Anchor CMS <=0.12.7. Attackers can use the posts column to upload a title and content containing malicious code in order to obtain the administrator cookie and then carry out other malicious operations. • https://www.cnblogs.com/unrealnumb/p/15573449.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-5060
https://notcve.org/view.php?id=CVE-2015-5060
Cross-site scripting (XSS) vulnerability in anchor-cms before 0.9-dev. • http://github.com/anchorcms/anchor-cms/issues/875 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-5687
https://notcve.org/view.php?id=CVE-2015-5687
system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie. • http://seclists.org/fulldisclosure/2015/Aug/76 http://seclists.org/fulldisclosure/2015/Aug/83 https://github.com/anchorcms/anchor-cms/pull/904 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2014-9182 – Anchor CMS 0.9.2 Header Injection
https://notcve.org/view.php?id=CVE-2014-9182
models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header. Anchor CMS versions 0.9.2 and below suffer from a header injection vulnerability. • http://packetstormsecurity.com/files/129042/Anchor-CMS-0.9.2-Header-Injection.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-5099 – Anchor CMS 0.9.1 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-5099
Cross-site scripting (XSS) vulnerability in article.php in Anchor CMS 0.9.1, when comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Name field. NOTE: some sources have reported that comments.php is vulnerable, but certain functions from comments.php are used by article.php. • https://www.exploit-db.com/exploits/26958 http://www.exploit-db.com/exploits/26958 http://www.securityfocus.com/bid/61376 https://exchange.xforce.ibmcloud.com/vulnerabilities/85888 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')