Anchorcms: >> Anchor Cms >> 0.12.7 Security Vulnerabilities
A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface (/admin/pages/add).
CVSS Score
5.4
EPSS Score
0.001
Published
2025-06-09
Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute arbitrary code via a crafted .pdf file.
CVSS Score
6.1
EPSS Score
0.004
Published
2024-06-24
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/categories/delete/2.
CVSS Score
2.4
EPSS Score
0.001
Published
2024-03-22
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/users/delete/2.
CVSS Score
7.4
EPSS Score
0.0
Published
2024-03-22
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete posts.
CVSS Score
4.5
EPSS Score
0.001
Published
2022-03-24
A cross-site scripting (XSS) vulnerability in the Create Post function of Anchor CMS v0.12.7 allows attackers to execute arbitrary web scripts or HTML.
CVSS Score
5.4
EPSS Score
0.005
Published
2022-02-01
Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious operations.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-12-15
A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users.
CVSS Score
8.8
EPSS Score
0.092
Published
2021-01-19