CVE-2025-46041
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk42th percentile - higher than 42% of all known CVEs
Summary
A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface (/admin/pages/add).
Risk Assessment
The risk involves arbitrary script execution in administrators' browsers, potentially leading to session theft, defacement, or admin panel takeover.
Recommendation
Update Anchor CMS to the latest patched version and implement input validation and encoding for page description fields.
Original NVD description (English source)
A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface (/admin/pages/add).

