CVE-2013-5099

low

Published 2013-08-09 · Modified 2026-04-29

CVSS v3

—

VIR risk

2.6

Description

Cross-site scripting (XSS) vulnerability in article.php in Anchor CMS 0.9.1, when comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Name field. NOTE: some sources have reported that comments.php is vulnerable, but certain functions from comments.php are used by article.php.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Application impact

Vendor	Product	Versions	Fixed
anchor	anchor_cms	`0.9.1`

References

http://www.exploit-db.com/exploits/26958
http://www.securityfocus.com/bid/61376
https://exchange.xforce.ibmcloud.com/vulnerabilities/85888
http://www.exploit-db.com/exploits/26958
http://www.securityfocus.com/bid/61376
https://exchange.xforce.ibmcloud.com/vulnerabilities/85888

CWEs

CWE-79

💬 Discuss CVE-2013-5099 on VIR Community →

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.