← Advisories

Anchor CMS v0.6 Multiple Persistent XSS Vulnerabilities

Medium
Advisory ID
ZSL-2012-5085
Release Date
20 April 2012
Vendor
Team Anchor - http://www.anchorcms.com
Affected Version
0.6-14-ga85d0a0
CVE
N/A
Tested On
Microsoft Windows XP Professional SP3 (EN), Apache 2.2.21, PHP 5.3.8, MySQL 5.5.20
Summary

Anchor is a content management system, written in PHP5, built for art-directed posts.

Description

Anchor CMS suffers from multiple stored and reflected XSS vulnerabilities when parsing user input to several parameters via GET and POST method. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.

Proof of Concept
anchorcms_xss.htmlTXT
Disclosure Timeline
20.04.2012Vendor has some knowledge about the issues.
01.05.2012Vendor releases fix.
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]https://github.com/anchorcms/anchor-cms/issues/106
[2]http://packetstormsecurity.org/files/112062
[3]http://www.securityfocus.com/bid/53181
[4]http://cxsecurity.com/issue/WLB-2012040183
[5]http://www.osvdb.org/show/osvdb/81293
[6]http://www.osvdb.org/show/osvdb/81294
[7]http://www.osvdb.org/show/osvdb/81295
[8]http://www.osvdb.org/show/osvdb/81296
[9]http://www.osvdb.org/show/osvdb/81297
[10]http://www.osvdb.org/show/osvdb/81298
[11]http://xforce.iss.net/xforce/xfdb/75061
[12]https://github.com/anchorcms/anchor-cms/tree/dev
Changelog
20.04.2012Initial release
21.04.2012Added reference [2] and [3]
22.04.2012Added reference [4]
23.04.2012Added reference [5], [6], [7], [8], [9] and [10]
24.04.2012Added reference [11]
01.05.2012Added vendor status and added reference [12]