cbcvebase.

Anchorcms Anchor Cms vulnerabilities

11 known vulnerabilities affecting anchorcms/anchor_cms.

Total CVEs
11
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM7LOW1

Vulnerabilities

Page 1 of 1
CVE-2020-23342P2HIGHCVSS 8.8PoCv0.12.72021-01-19
CVE-2020-23342 [HIGH] CWE-352 CVE-2020-23342: A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Del A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users.
nvd
CVE-2025-46041P4MEDIUMCVSS 5.4PoCv0.12.72025-06-09
CVE-2025-46041 [MEDIUM] CWE-79 CVE-2025-46041: A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject m A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface (/admin/pages/add).
nvd
CVE-2015-5687P3HIGHCVSS 7.5v0.9.1v0.9.2+1 more2015-10-05
CVE-2015-5687 [HIGH] CWE-94 CVE-2015-5687: system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie.
nvd
CVE-2024-37732P4MEDIUMCVSS 6.1v0.12.72024-06-24
CVE-2024-37732 [MEDIUM] CWE-79 CVE-2024-37732: Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute arbitr Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute arbitrary code via a crafted .pdf file.
nvd
CVE-2024-29499P4HIGHCVSS 7.4v0.12.72024-03-22
CVE-2024-29499 [HIGH] CWE-352 CVE-2024-29499: Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/u Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/users/delete/2.
nvd
CVE-2021-44116P4MEDIUMCVSS 6.1≤ 0.12.72021-12-15
CVE-2021-44116 [MEDIUM] CWE-79 CVE-2021-44116: Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12.7 in posts.php. Attackers can us Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious operations.
nvd
CVE-2021-46253P4MEDIUMCVSS 5.4v0.12.72022-02-01
CVE-2021-46253 [MEDIUM] CWE-79 CVE-2021-46253: A cross-site scripting (XSS) vulnerability in the Create Post function of Anchor CMS v0.12.7 allows A cross-site scripting (XSS) vulnerability in the Create Post function of Anchor CMS v0.12.7 allows attackers to execute arbitrary web scripts or HTML.
nvd
CVE-2015-5060P4MEDIUMCVSS 6.1≤ 0.9.22017-09-07
CVE-2015-5060 [MEDIUM] CWE-79 CVE-2015-5060: Cross-site scripting (XSS) vulnerability in anchor-cms before 0.9-dev. Cross-site scripting (XSS) vulnerability in anchor-cms before 0.9-dev.
nvd
CVE-2014-9182P4MEDIUMCVSS 4.3≤ 0.9.2v0.9.12014-12-02
CVE-2014-9182 [MEDIUM] CWE-79 CVE-2014-9182: models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary heade models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header.
nvd
CVE-2022-25576P4MEDIUMCVSS 4.5v0.12.72022-03-24
CVE-2022-25576 [MEDIUM] CWE-352 CVE-2022-25576: Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component a Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete posts.
nvd
CVE-2024-29338P4LOWCVSS 2.4v0.12.72024-03-22
CVE-2024-29338 [LOW] CWE-352 CVE-2024-29338: Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/c Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/categories/delete/2.
nvd
Anchorcms Anchor Cms vulnerabilities | cvebase