
# Exploit Title: Anchor CMS 0.12.7 - Stored Cross Site Scripting (XSS)
# Google Dork: inurl:"/admin/pages/add" "Anchor CMS"
# Date: 2025-06-08
# Exploit Author: /bin/neko
# Vendor Homepage: http://anchorcms.com
# Software Link: https://github.com/anchorcms/anchor-cms
# Version: 0.12.7
# Tested on: Ubuntu 22.04 + Apache2 + PHP 8.1
# CVE: CVE-2025-46041

# Description:

Anchor CMS 0.12.7 contains a stored Cross-Site Scripting (XSS) vulnerability
in the `markdown` field of the /admin/pages/add form. The submitted value is
stored as-is and rendered into the published page, so an authenticated user
with page-creation privileges can inject arbitrary JavaScript that executes in
the browser of every visitor who views the page, including administrators.
The precondition is an account that can create pages; the realistic attacker
is therefore a low-privileged author or editor targeting site visitors and
higher-privileged staff.

# Steps to Reproduce:

1. Log in to /admin.
2. Navigate to Pages > Add Page.
3. In the `Markdown` field, insert:

   <script>alert(document.domain)</script>

4. Save the page.
5. View the created page. The script executes.

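To confirm whether a build is affected (or that a fix actually escapes the field) without trusting a visual check, the following added example is an offline Python checker that parses the HTML returned at step 5 and reports which stored content the browser would execute. It is not code from the original advisory or from Anchor CMS. The two page bodies are constructed stand-ins for a vulnerable response and an escaped one; the `onerror` variant goes beyond the advisory's `<script>` payload to show that the same check also catches event-handler injection.

```python
"""Offline check: did the stored payload render as live markup or as escaped text?

Added example for this advisory; not code from Anchor CMS or from the original
post. The HTML responses below are constructed stand-ins for what the server
returns at step 5 (vulnerable build vs. a build that escapes the field).
"""
from html import escape
from html.parser import HTMLParser

PAYLOAD = "<script>alert(document.domain)</script>"


class MarkupCollector(HTMLParser):
    """Records executable content the browser would run: <script> bodies and
    on* event-handler attributes. Entity-escaped text never reaches these
    hooks because the parser sees it as character data, not as tags."""

    def __init__(self):
        super().__init__()
        self._in_script = False
        self.scripts = []      # bodies of <script> elements
        self.handlers = []     # (tag, attribute, value) for on* attributes

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self.scripts.append("")
        for name, value in attrs:
            if name.startswith("on"):
                self.handlers.append((tag, name, value or ""))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts[-1] += data


def analyze(html):
    """Return (non-empty script bodies, on* handler attributes) found in html."""
    p = MarkupCollector()
    p.feed(html)
    p.close()
    scripts = [s.strip() for s in p.scripts if s.strip()]
    return scripts, p.handlers


def payload_is_live(html, payload=PAYLOAD):
    """True when the JavaScript inside the stored payload is parsed as an
    executable <script> body rather than as escaped text."""
    body = payload[len("<script>"):-len("</script>")]
    scripts, _ = analyze(html)
    return body in scripts


def page(content):
    """Constructed page template (hypothetical theme markup). The theme's own
    <script src> tag is included so the check is not fooled by legitimate
    script elements that carry no inline body."""
    return (
        "<html><head><script src=\"/theme.js\"></script></head><body>\n"
        "<article class=\"post\"><h1>Test page</h1>\n"
        f"{content}\n"
        "</article></body></html>\n"
    )


VULNERABLE_RESPONSE = page(PAYLOAD)                           # rendered unchanged
FIXED_RESPONSE = page(escape(PAYLOAD))                        # rendered as &lt;script&gt;...
ONERROR_RESPONSE = page('<img src="x" onerror="alert(1)">')   # non-<script> variant


if __name__ == "__main__":
    for label, body in (("vulnerable", VULNERABLE_RESPONSE),
                        ("fixed", FIXED_RESPONSE),
                        ("onerror", ONERROR_RESPONSE)):
        scripts, handlers = analyze(body)
        print(f"{label:10s} live payload={payload_is_live(body)} "
              f"scripts={scripts} handlers={handlers}")
```

Point `analyze()` at the real response body (for example the text of a `requests.get` against the created page's URL) instead of the constructed templates. A result of no script bodies and no `on*` attributes for the attacker-controlled region means the field was escaped; note that the check inspects markup only and says nothing about whether a Content-Security-Policy would additionally block execution in the browser.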
# Impact:

- Arbitrary JavaScript execution in the site's origin for every visitor of the page
- Potential session hijacking or admin impersonation: an administrator who views the page runs the attacker's script with their own session