← Back

Anchorcms

anchorcms

13 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Anchor Cms
anchor_cms
11 CVEs
Anchor
anchor
2 CVEs

CVEs (13)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-46041
1Anchorcms
1Anchor Cms
Jun 25, 2025
Jun 9, 2025
N/A· v4
5.4 MEDIUM· v3
N/A· v2
A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface (/admin/pages/add).
CVE-2024-37732
1Anchorcms
1Anchor Cms
Nov 21, 2024
Jun 24, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute arbitrary code via a crafted .pdf file.
CVE-2024-29499
1Anchorcms
1Anchor Cms
Mar 28, 2025
Mar 22, 2024
N/A· v4
7.4 HIGH· v3
N/A· v2
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/users/delete/2.
CVE-2024-29338
1Anchorcms
1Anchor Cms
Mar 28, 2025
Mar 22, 2024
N/A· v4
2.4 LOW· v3
N/A· v2
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/categories/delete/2.
CVE-2022-25576
1Anchorcms
1Anchor Cms
Nov 21, 2024
Mar 24, 2022
N/A· v4
4.5 MEDIUM· v3
3.5 LOW· v2
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete posts.
CVE-2021-46253
1Anchorcms
1Anchor Cms
Nov 21, 2024
Feb 1, 2022
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
A cross-site scripting (XSS) vulnerability in the Create Post function of Anchor CMS v0.12.7 allows attackers to execute arbitrary web scripts or HTML.
CVE-2021-44116
1Anchorcms
1Anchor Cms
Nov 21, 2024
Dec 15, 2021
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the adm...Show more
Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious operations.Show less
CVE-2020-23342
1Anchorcms
1Anchor Cms
Nov 21, 2024
Jan 19, 2021
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users.
CVE-2020-12071
1Anchorcms
1Anchor
Nov 21, 2024
Apr 23, 2020
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
Anchor 0.12.7 allows admins to cause XSS via crafted post content.
CVE-2018-7251
1Anchorcms
1Anchor
Nov 21, 2024
Feb 19, 2018
N/A· v4
9.8 CRITICAL· v3
5.0 MEDIUM· v2
An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as "Too many connections") has occurred.
CVE-2015-5060
1Anchorcms
1Anchor Cms
May 13, 2026
Sep 7, 2017
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in anchor-cms before 0.9-dev.
CVE-2015-5687
1Anchorcms
1Anchor Cms
May 6, 2026
Oct 5, 2015
N/A· v4
N/A· v3
7.5 HIGH· v2
system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie.
CVE-2014-9182
1Anchorcms
1Anchor Cms
May 6, 2026
Dec 2, 2014
N/A· v4
N/A· v3
4.3 MEDIUM· v2
models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header.