Anchor CMS v0.6 Multiple Persistent XSS Vulnerabilities

Anchor CMS suffers from multiple stored and reflected XSS vulnerabilities when parsing user input to several parameters via GET and POST method. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user’s browser session.

Dork: “intext:Powered by Anchor, version 0.6

Advisory ID: ZSL-2012-5085
Advisory details: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5085.php

Comment are closed.