← Back

Anchor Cms

anchor_cms

Vendor: Anchorcms • 11 CVEs

CVEs (11)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-46041
1Anchorcms
1Anchor Cms
Jun 25, 2025
Jun 9, 2025
N/A· v4
5.4 MEDIUM· v3
N/A· v2
A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface (/admin/pages/add).
CVE-2024-37732
1Anchorcms
1Anchor Cms
Nov 21, 2024
Jun 24, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute arbitrary code via a crafted .pdf file.
CVE-2024-29499
1Anchorcms
1Anchor Cms
Mar 28, 2025
Mar 22, 2024
N/A· v4
7.4 HIGH· v3
N/A· v2
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/users/delete/2.
CVE-2024-29338
1Anchorcms
1Anchor Cms
Mar 28, 2025
Mar 22, 2024
N/A· v4
2.4 LOW· v3
N/A· v2
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/categories/delete/2.
CVE-2022-25576
1Anchorcms
1Anchor Cms
Nov 21, 2024
Mar 24, 2022
N/A· v4
4.5 MEDIUM· v3
3.5 LOW· v2
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete posts.
CVE-2021-46253
1Anchorcms
1Anchor Cms
Nov 21, 2024
Feb 1, 2022
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
A cross-site scripting (XSS) vulnerability in the Create Post function of Anchor CMS v0.12.7 allows attackers to execute arbitrary web scripts or HTML.
CVE-2021-44116
1Anchorcms
1Anchor Cms
Nov 21, 2024
Dec 15, 2021
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the adm...Show more
Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious operations.Show less
CVE-2020-23342
1Anchorcms
1Anchor Cms
Nov 21, 2024
Jan 19, 2021
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users.
CVE-2015-5060
1Anchorcms
1Anchor Cms
May 13, 2026
Sep 7, 2017
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in anchor-cms before 0.9-dev.
CVE-2015-5687
1Anchorcms
1Anchor Cms
May 6, 2026
Oct 5, 2015
N/A· v4
N/A· v3
7.5 HIGH· v2
system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie.
CVE-2014-9182
1Anchorcms
1Anchor Cms
May 6, 2026
Dec 2, 2014
N/A· v4
N/A· v3
4.3 MEDIUM· v2
models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header.