CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-44116
https://notcve.org/view.php?id=CVE-2021-44116
15 Dec 2021 — Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious operations. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en Anchor CMS versiones anteriores a 0.12.7 incluyéndola, en el archivo posts.php. Los atacantes pueden usar la columna posts para cargar el título y el contenid... • https://www.cnblogs.com/unrealnumb/p/15573449.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2015-5060
https://notcve.org/view.php?id=CVE-2015-5060
07 Sep 2017 — Cross-site scripting (XSS) vulnerability in anchor-cms before 0.9-dev. Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en anchor-cms en versiones anteriores a la 0.9-dev. • http://github.com/anchorcms/anchor-cms/issues/875 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2015-5687 – Anchor CMS PHP Object Injection
https://notcve.org/view.php?id=CVE-2015-5687
27 Aug 2015 — system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie. system/session/drivers/cookie.php en Anchor CMS 0.9.x permite a atacantes remotos llevar a cabo ataques de inyección de objetos PHP y ejecutar código PHP arbitrario a través de una cookie serializada manipulada. Anchor CMS suffers from a PHP object injection vulnerability. • http://seclists.org/fulldisclosure/2015/Aug/76 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2014-9182 – Anchor CMS 0.9.2 Header Injection
https://notcve.org/view.php?id=CVE-2014-9182
10 Nov 2014 — models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header. models/comment.php en Anchor CMS 0.9.2 y anteriores permite a atacantes remotos inyectar cabeceras arbitrarias en mensajes de correo a través de una cabecera Host: manipulada. Anchor CMS versions 0.9.2 and below suffer from a header injection vulnerability. • https://packetstorm.news/files/id/129042 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •