Anchor Cms Security Vulnerabilities and Issues — Anchor Cms CVE List

Lucene search

AnchorcmsAnchor Cms

11 matches found

CVE•added 2022/03/24 11:15 p.m.•98 views

CVE-2022-25576

Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete posts.

4.5CVSS4.7AI score0.00109EPSS

CVE•added 2021/01/19 2:15 p.m.•63 views

CVE-2020-23342

A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users.

8.8CVSS8.6AI score0.09213EPSS

CVE•added 2024/03/22 5:15 p.m.•49 views

CVE-2024-29499

Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/users/delete/2.

7.4CVSS7.3AI score0.00043EPSS

CVE•added 2021/12/15 10:15 p.m.•48 views

CVE-2021-44116

Cross Site Scripting (XSS) vulnerability exits in Anchor CMS

6.1CVSS5.9AI score0.0024EPSS

CVE•added 2015/10/05 2:59 p.m.•45 views

CVE-2015-5687

system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie.

7.5CVSS7.9AI score0.00553EPSS

CVE•added 2024/06/24 7:15 p.m.•44 views

CVE-2024-37732

Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute arbitrary code via a crafted .pdf file.

8.8CVSS7.3AI score0.06804EPSS

CVE•added 2024/03/22 5:15 p.m.•43 views

CVE-2024-29338

Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/categories/delete/2.

2.4CVSS7.3AI score0.00056EPSS

CVE•added 2025/06/09 5:15 p.m.•38 views

CVE-2025-46041

A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface (/admin/pages/add).

5.4CVSS5.6AI score0.0019EPSS

CVE•added 2017/09/07 8:29 p.m.•35 views

CVE-2015-5060

Cross-site scripting (XSS) vulnerability in anchor-cms before 0.9-dev.

6.1CVSS6.1AI score0.0024EPSS

CVE•added 2014/12/02 6:59 p.m.•30 views

CVE-2014-9182

models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header.

4.3CVSS6.8AI score0.00245EPSS

CVE•added 2022/02/01 1:15 p.m.•29 views

CVE-2021-46253

A cross-site scripting (XSS) vulnerability in the Create Post function of Anchor CMS v0.12.7 allows attackers to execute arbitrary web scripts or HTML.

5.4CVSS5.3AI score0.00502EPSS