XSS in Anchorcms Anchor_cms

CVE-2014-9182

models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.010 (58.7th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References