CVE-2014-9182

models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:anchorcms:anchor_cms:*:*:*:*:*:*:*:*
cpe:2.3:a:anchorcms:anchor_cms:0.9.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-12-02 18:59

Updated : 2023-12-10 11:31


NVD link : CVE-2014-9182

Mitre link : CVE-2014-9182

CVE.ORG link : CVE-2014-9182


JSON object : View

Products Affected

anchorcms

  • anchor_cms
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')