Show filters
5 Total Results
Displaying 1-5 of 5
Sort by:
Attacker Value
Unknown

CVE-2024-37732

Disclosure Date: June 24, 2024 (last updated February 26, 2025)
Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute arbitrary code via a crafted .pdf file.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-25576

Disclosure Date: March 24, 2022 (last updated February 23, 2025)
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete posts.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-46253

Disclosure Date: February 01, 2022 (last updated February 23, 2025)
A cross-site scripting (XSS) vulnerability in the Create Post function of Anchor CMS v0.12.7 allows attackers to execute arbitrary web scripts or HTML.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-23342

Disclosure Date: January 19, 2021 (last updated February 22, 2025)
A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-12071

Disclosure Date: April 23, 2020 (last updated February 21, 2025)
Anchor 0.12.7 allows admins to cause XSS via crafted post content.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0