CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-44116
https://notcve.org/view.php?id=CVE-2021-44116
15 Dec 2021 — Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious operations. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en Anchor CMS versiones anteriores a 0.12.7 incluyéndola, en el archivo posts.php. Los atacantes pueden usar la columna posts para cargar el título y el contenid... • https://www.cnblogs.com/unrealnumb/p/15573449.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2015-5687 – Anchor CMS PHP Object Injection
https://notcve.org/view.php?id=CVE-2015-5687
27 Aug 2015 — system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie. system/session/drivers/cookie.php en Anchor CMS 0.9.x permite a atacantes remotos llevar a cabo ataques de inyección de objetos PHP y ejecutar código PHP arbitrario a través de una cookie serializada manipulada. Anchor CMS suffers from a PHP object injection vulnerability. • http://seclists.org/fulldisclosure/2015/Aug/76 • CWE-94: Improper Control of Generation of Code ('Code Injection') •