Lucene search

Anchorcms Security Vulnerabilities

cve

CVE-2022-25576

Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete...

4.5CVSS

4.8AI Score

0.001EPSS

2022-03-24 11:15 PM

cve

CVE-2021-46253

A cross-site scripting (XSS) vulnerability in the Create Post function of Anchor CMS v0.12.7 allows attackers to execute arbitrary web scripts or...

5.4CVSS

5.4AI Score

0.001EPSS

2022-02-01 01:15 PM

cve

CVE-2021-44116

Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious...

6.1CVSS

6AI Score

0.001EPSS

2021-12-15 10:15 PM

cve

CVE-2020-23342

A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin...

8.8CVSS

8.7AI Score

0.004EPSS

2021-01-19 02:15 PM

cve

CVE-2020-12071

Anchor 0.12.7 allows admins to cause XSS via crafted post...

4.8CVSS

4.8AI Score

0.001EPSS

2020-04-23 02:15 AM

cve

CVE-2018-7251

An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as "Too many connections") has...

9.8CVSS

9.3AI Score

0.065EPSS

2018-02-19 10:29 PM

cve

CVE-2015-5060

Cross-site scripting (XSS) vulnerability in anchor-cms before...

6.1CVSS

6.4AI Score

0.001EPSS

2017-09-07 08:29 PM