Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Anchor Security Vulnerabilities

cve
cve

CVE-2024-37732

Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute arbitrary code via a crafted .pdf...

6.1CVSS

7.3AI Score

0.0005EPSS

2024-06-24 07:15 PM
22
cve
cve

CVE-2024-22287

Cross-Site Request Forgery (CSRF) vulnerability in Luděk Melichar Better Anchor Links allows Cross-Site Scripting (XSS).This issue affects Better Anchor Links: from n/a through...

7.1CVSS

6.3AI Score

0.0005EPSS

2024-01-31 12:16 PM
26
cve
cve

CVE-2023-44145

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in jesweb.Dev Anchor Episodes Index (Spotify for Podcasters) plugin <= 2.1.7...

6.5CVSS

5.2AI Score

0.0004EPSS

2023-10-02 10:15 AM
15
cve
cve

CVE-2014-9182

models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host:...

6.8AI Score

0.001EPSS

2022-10-03 04:20 PM
17
cve
cve

CVE-2022-25576

Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete...

4.5CVSS

4.7AI Score

0.001EPSS

2022-03-24 11:15 PM
84
cve
cve

CVE-2021-46253

A cross-site scripting (XSS) vulnerability in the Create Post function of Anchor CMS v0.12.7 allows attackers to execute arbitrary web scripts or...

5.4CVSS

5.3AI Score

0.001EPSS

2022-02-01 01:15 PM
18
cve
cve

CVE-2021-44116

Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious...

6.1CVSS

5.9AI Score

0.001EPSS

2021-12-15 10:15 PM
32
cve
cve

CVE-2020-23342

A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin...

8.8CVSS

8.6AI Score

0.004EPSS

2021-01-19 02:15 PM
45
10
cve
cve

CVE-2020-12071

Anchor 0.12.7 allows admins to cause XSS via crafted post...

4.8CVSS

4.8AI Score

0.001EPSS

2020-04-23 02:15 AM
85
cve
cve

CVE-2018-7251

An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as "Too many connections") has...

9.8CVSS

9.2AI Score

0.065EPSS

2018-02-19 10:29 PM
39
cve
cve

CVE-2015-5060

Cross-site scripting (XSS) vulnerability in anchor-cms before...

6.1CVSS

6.1AI Score

0.001EPSS

2017-09-07 08:29 PM
19
cve
cve

CVE-2015-5687

system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a...

7.9AI Score

0.006EPSS

2015-10-05 02:59 PM
29
cve
cve

CVE-2013-5099

Cross-site scripting (XSS) vulnerability in article.php in Anchor CMS 0.9.1, when comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Name field. NOTE: some sources have reported that comments.php is vulnerable, but certain functions from comments.php are...

5.9AI Score

0.002EPSS

2013-08-09 09:55 PM
18