11 matches found
GHSA-4XW8-9FJ7-J58J Cross-Site Request Forgery in Anchor CMS
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery CSRF via /anchor/admin/users/delete/2...
GHSA-2WHX-CCR7-FXQM Cross-Site Request Forgery in Anchor CMS
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery CSRF via /anchor/admin/categories/delete/2...
CVE-2024-29338
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery CSRF via /anchor/admin/categories/delete/2...
Cross-Site Request Forgery in Anchor CMS
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery CSRF via /anchor/admin/categories/delete/2...
CVE-2024-29338
Anchor CMS v0.12.7 is affected by a Cross-Site Request Forgery (CSRF) vulnerability in the endpoint /anchor/admin/categories/delete/2. The Red Hat, Veracode, OSV, and other connected records consistently describe this CSRF issue as caused by insufficient validation for requests, enabling forged a...
CVE-2024-29499
CVE-2024-29499 affects Anchor CMS v0.12.7 with a Cross-Site Request Forgery (CSRF) vulnerability at /anchor/admin/users/delete/2. The CVSS v3.1 base score is 7.4 (HIGH) with network attack vector, low attack complexity, requiring low privileges and user interaction set to none; scope: changed. Re...
CVE-2024-29338
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery CSRF via /anchor/admin/categories/delete/2...
CVE-2024-29499
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery CSRF via /anchor/admin/users/delete/2...
CVE-2024-29338
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery CSRF via /anchor/admin/categories/delete/2...
CVE-2022-25576
Anchor CMS v0.12.7 is affected by a Cross-Site Request Forgery (CSRF) in the component anchor/routes/posts.php that allows an attacker to arbitrarily delete posts. The root cause, as described across multiple entries (including HGSA/GHSA and CVE references), is a missing/ inadequate CSRF token va...
Cross-site Scripting in Anchor CMS
A cross-site scripting XSS vulnerability in the Create Post function of Anchor CMS v0.12.7 allows attackers to execute arbitrary web scripts or HTML...