A cross-site scripting vulnerability in anchor-cms

1.First, we download the latest version (0.12.7) of the software on GitHub,and then you can find in the /theme/posts.php file that there is no filtering for user input:

 

 2.Therefore, we only need to submit the article containing malicious code and the title to trigger the vulnerabili

 

posted @ 2021-11-18 17:29  unreal_numb  阅读(346)  评论(0编辑  收藏  举报