A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface (/admin/pages/add).
{ "versions": [ { "introduced": "0" }, { "last_affected": "0.12.7" } ] }
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-46041.json"