CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-37732
https://notcve.org/view.php?id=CVE-2024-37732
24 Jun 2024 — Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute arbitrary code via a crafted .pdf file. Vulnerabilidad de Cross Site Scripting en Anchor CMS v.0.12.7 permite a un atacante remoto ejecutar código arbitrario a través de un archivo .pdf manipulado. • https://gitee.com/Aa272899/CHG-sec/issues/I9UO7X • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 4.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-25576
https://notcve.org/view.php?id=CVE-2022-25576
24 Mar 2022 — Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete posts. Se ha detectado que Anchor CMS versión v0.12.7, contiene una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) por medio del componente anchor/routes/posts.php. Esta vulnerabilidad permite a atacantes eliminar posts de forma arbitraria • https://github.com/anchorcms/anchor-cms • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-46253
https://notcve.org/view.php?id=CVE-2021-46253
01 Feb 2022 — A cross-site scripting (XSS) vulnerability in the Create Post function of Anchor CMS v0.12.7 allows attackers to execute arbitrary web scripts or HTML. Una vulnerabilidad de tipo Cross-site scripting (XSS) en la función Create Post de Anchor CMS versión v0.12.7, permite a atacantes ejecutar scripts web o HTML arbitrarios • https://anchorcms.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 5CVE-2020-23342 – Anchor CMS 0.12.7 - CSRF (Delete user)
https://notcve.org/view.php?id=CVE-2020-23342
19 Jan 2021 — A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users. Se presenta una vulnerabilidad de tipo CSRF en Anchor CMS versión 0.12.7, en el archivo anchor/views/users/edit.php que puede cambiar la Eliminación de usuarios administradores Anchor CMS version 0.12.7 suffers from a cross site request forgery vulnerability. • https://packetstorm.news/files/id/161048 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-12071
https://notcve.org/view.php?id=CVE-2020-12071
23 Apr 2020 — Anchor 0.12.7 allows admins to cause XSS via crafted post content. Anchor versión 0.12.7 permite a los administradores causar XSS mediante contenido de publicación diseñado. • https://github.com/anchorcms/anchor-cms/issues/1333 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •