CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-37732
https://notcve.org/view.php?id=CVE-2024-37732
24 Jun 2024 — Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute arbitrary code via a crafted .pdf file. Vulnerabilidad de Cross Site Scripting en Anchor CMS v.0.12.7 permite a un atacante remoto ejecutar código arbitrario a través de un archivo .pdf manipulado. • https://gitee.com/Aa272899/CHG-sec/issues/I9UO7X • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29499
https://notcve.org/view.php?id=CVE-2024-29499
22 Mar 2024 — Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/users/delete/2. Se descubrió que Anchor CMS v0.12.7 contenía una Cross-Site Request Forgery (CSRF) a través de /anchor/admin/users/delete/2. • https://github.com/daddywolf/cms/blob/main/1.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-25576
https://notcve.org/view.php?id=CVE-2022-25576
24 Mar 2022 — Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete posts. Se ha detectado que Anchor CMS versión v0.12.7, contiene una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) por medio del componente anchor/routes/posts.php. Esta vulnerabilidad permite a atacantes eliminar posts de forma arbitraria • https://github.com/anchorcms/anchor-cms • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-46253
https://notcve.org/view.php?id=CVE-2021-46253
01 Feb 2022 — A cross-site scripting (XSS) vulnerability in the Create Post function of Anchor CMS v0.12.7 allows attackers to execute arbitrary web scripts or HTML. Una vulnerabilidad de tipo Cross-site scripting (XSS) en la función Create Post de Anchor CMS versión v0.12.7, permite a atacantes ejecutar scripts web o HTML arbitrarios • https://anchorcms.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-44116
https://notcve.org/view.php?id=CVE-2021-44116
15 Dec 2021 — Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious operations. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en Anchor CMS versiones anteriores a 0.12.7 incluyéndola, en el archivo posts.php. Los atacantes pueden usar la columna posts para cargar el título y el contenid... • https://www.cnblogs.com/unrealnumb/p/15573449.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 5CVE-2020-23342 – Anchor CMS 0.12.7 - CSRF (Delete user)
https://notcve.org/view.php?id=CVE-2020-23342
19 Jan 2021 — A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users. Se presenta una vulnerabilidad de tipo CSRF en Anchor CMS versión 0.12.7, en el archivo anchor/views/users/edit.php que puede cambiar la Eliminación de usuarios administradores Anchor CMS version 0.12.7 suffers from a cross site request forgery vulnerability. • https://packetstorm.news/files/id/161048 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2015-5060
https://notcve.org/view.php?id=CVE-2015-5060
07 Sep 2017 — Cross-site scripting (XSS) vulnerability in anchor-cms before 0.9-dev. Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en anchor-cms en versiones anteriores a la 0.9-dev. • http://github.com/anchorcms/anchor-cms/issues/875 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2015-5687 – Anchor CMS PHP Object Injection
https://notcve.org/view.php?id=CVE-2015-5687
27 Aug 2015 — system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie. system/session/drivers/cookie.php en Anchor CMS 0.9.x permite a atacantes remotos llevar a cabo ataques de inyección de objetos PHP y ejecutar código PHP arbitrario a través de una cookie serializada manipulada. Anchor CMS suffers from a PHP object injection vulnerability. • http://seclists.org/fulldisclosure/2015/Aug/76 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2014-9182 – Anchor CMS 0.9.2 Header Injection
https://notcve.org/view.php?id=CVE-2014-9182
10 Nov 2014 — models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header. models/comment.php en Anchor CMS 0.9.2 y anteriores permite a atacantes remotos inyectar cabeceras arbitrarias en mensajes de correo a través de una cabecera Host: manipulada. Anchor CMS versions 0.9.2 and below suffer from a header injection vulnerability. • https://packetstorm.news/files/id/129042 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •