Anchorcms: >> Anchor Cms >> 0.9.2 Security Vulnerabilities
Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious operations.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-12-15
Cross-site scripting (XSS) vulnerability in anchor-cms before 0.9-dev.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-09-07
system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie.
CVSS Score
7.5
EPSS Score
0.006
Published
2015-10-05
models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header.
CVSS Score
4.3
EPSS Score
0.002
Published
2014-12-02