CVE Catalog

CVE-2025-46041

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.56%

42th percentile - higher than 42% of all known CVEs

Summary

A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface (/admin/pages/add).

Risk Assessment

The risk involves arbitrary script execution in administrators' browsers, potentially leading to session theft, defacement, or admin panel takeover.

Recommendation

Update Anchor CMS to the latest patched version and implement input validation and encoding for page description fields.

Original NVD description (English source)

A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface (/admin/pages/add).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS