A cross-site scripting vulnerability in anchor-cms

1.First, we download the latest version (0.12.7) of the software on GitHub,and then you can find in the /theme/posts.php file that there is no filtering for user input：

 

 2.Therefore, we only need to submit the article containing malicious code and the title to trigger the vulnerabili