📄 Anchor CMS 0.12.7 Cross Site Scripting

Anchor CMS version 0.12.7 suffers from a persistent cross site scripting vulnerability. Anchor CMS v0.12.7 - Stored XSS CVE-2025-46041 Anchor CMS v0.12.7 is vulnerable to a Stored Cross-Site Scripting XSS vulnerability in the description field of the /admin/pages/add interface. CVE ID...

Cross-site Scripting (XSS)

Overview anchorcms/anchor-cms is a lightweight blog CMS for PHP. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the "page description" field in the page creation interface /admin/pages/add. An attacker can execute arbitrary JavaScript code by injecting...

GHSA-6WC4-V4V5-3M82 Subrion CMS Stored Cross-site Scripting (XSS)

core/admin/pages/add/ in Subrion CMS 4.2.1 has XSS via the titlesen parameter...