
CVE-2024-37732
https://notcve.org/view.php?id=CVE-2024-37732
24 Jun 2024 — Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute arbitrary code via a crafted .pdf file. • https://gitee.com/Aa272899/CHG-sec/issues/I9UO7X • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVE-2024-29499
https://notcve.org/view.php?id=CVE-2024-29499
22 Mar 2024 — Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/users/delete/2. • https://github.com/daddywolf/cms/blob/main/1.md • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2024-29338
https://notcve.org/view.php?id=CVE-2024-29338
22 Mar 2024 — Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/categories/delete/2. • https://github.com/PWwwww123/cms/blob/main/1.md • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2022-25576
https://notcve.org/view.php?id=CVE-2022-25576
24 Mar 2022 — Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete posts. • https://github.com/anchorcms/anchor-cms • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2021-46253
https://notcve.org/view.php?id=CVE-2021-46253
01 Feb 2022 — A cross-site scripting (XSS) vulnerability in the Create Post function of Anchor CMS v0.12.7 allows attackers to execute arbitrary web scripts or HTML. • https://anchorcms.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-44116
https://notcve.org/view.php?id=CVE-2021-44116
15 Dec 2021 — A Cross Site Scripting (XSS) vulnerability exists in posts.php in Anchor CMS <=0.12.7. Attackers can use the posts column to upload a title and content containing malicious code in order to obtain the administrator cookie and then carry out other malicious operations. • https://www.cnblogs.com/unrealnumb/p/15573449.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2020-23342 – Anchor CMS 0.12.7 - CSRF (Delete user)
https://notcve.org/view.php?id=CVE-2020-23342
19 Jan 2021 — A CSRF vulnerability exists in Anchor CMS 0.12.7 in anchor/views/users/edit.php that can be used to delete admin users. Anchor CMS version 0.12.7 suffers from a cross site request forgery vulnerability. • https://packetstorm.news/files/id/161048 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2020-12071
https://notcve.org/view.php?id=CVE-2020-12071
23 Apr 2020 — Anchor 0.12.7 allows admins to cause XSS via crafted post content. • https://github.com/anchorcms/anchor-cms/issues/1333 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2018-7251 – AnchorCMS < 0.12.3a - Information Disclosure
https://notcve.org/view.php?id=CVE-2018-7251
19 Feb 2018 — An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as "Too many connections") has occurred. • https://packetstorm.news/files/id/154723 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2015-5060
https://notcve.org/view.php?id=CVE-2015-5060
07 Sep 2017 — Cross-site scripting (XSS) vulnerability in anchor-cms before 0.9-dev. • http://github.com/anchorcms/anchor-cms/issues/875 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •