Lucene search
K

4 matches found

Snyk
Snyk
added 2025/06/09 5:42 p.m.4 views

Cross-site Scripting (XSS)

Overview anchorcms/anchor-cms is a lightweight blog CMS for PHP. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the "page description" field in the page creation interface /admin/pages/add. An attacker can execute arbitrary JavaScript code by injecting...

6.4CVSS5.4AI score0.00558EPSS
Exploits4References2
CVE
CVE
added 2025/06/09 12:0 a.m.63 views

CVE-2025-46041

Anchor CMS v0.12.7 is affected by CVE-2025-46041: a stored XSS in the page creation interface, exploitable via the description field on /admin/pages/add. An authenticated user (admin/editor) can inject arbitrary JavaScript which is stored and executed when the page is viewed. Affected component/l...

5.4CVSS5.6AI score0.00558EPSS
Exploits4References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/06/09 12:0 a.m.3 views

CVE-2025-46041

A stored cross-site scripting XSS vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface /admin/pages/add...

5.6AI score0.00558EPSS
Exploits4References1
Positive Technologies
Positive Technologies
added 2023/07/13 12:0 a.m.5 views

PT-2023-26090 · Unknown · Maid Hiring Management System

Name of the Vulnerable Software and Affected Versions: Maid Hiring Management System version 1.0 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Description of the "/admin/aboutus.php" API endpoin...

6.1CVSS6AI score0.00314EPSS
Exploits0References3
Rows per page
Query Builder