CVE-2021-44116: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

January 5, 2022

Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious operations.

References

github.com/advisories/GHSA-7mq6-cp5m-f4j5
nvd.nist.gov/vuln/detail/CVE-2021-44116
www.cnblogs.com/unrealnumb/p/15573449.html

Detect and mitigate CVE-2021-44116 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →