XSS in Anchorcms Anchor_cms
CVE-2014-9182
models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header.
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.010 (58.7th percentile) — read the EPSS interpretation.
Affected products
- Anchorcms Anchor_cms — versions 0.9.1
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (Exploit, x_refsource_MISC)