Anchor CMS 0.12.7 - Stored Cross Site Scripting (XSS)

Medium
Published: Sun Jun 15 2025 (06/15/2025, 00:00:00 UTC)
Source: Exploit-DB RSS Feed

Description

Anchor CMS 0.12.7 - Stored Cross Site Scripting (XSS)

AI-Powered Analysis

Last updated: 06/16/2025, 05:38:28 UTC

Technical Analysis

Anchor CMS version 0.12.7 contains a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2025-46041. This vulnerability exists in the 'markdown' input field of the administrative page creation interface (/admin/pages/add). An authenticated user with privileges to create pages can inject arbitrary JavaScript code into this field. The injected script is then stored persistently on the server and executed whenever the affected page is viewed by any user with access to that page. The exploit was tested on a typical LAMP stack environment (Ubuntu 22.04, Apache2, PHP 8.1). The attack vector requires authentication and page creation rights, which limits the initial access but still poses a significant risk within the administrative context. Successful exploitation can lead to arbitrary JavaScript execution in the context of the victim's browser session, enabling session hijacking, credential theft, or impersonation of administrative users. The exploit code is provided in plain text format and demonstrates a simple injection of a script alerting the document domain, confirming the vulnerability's presence and ease of exploitation. No official patch or mitigation link is provided, indicating that organizations must rely on other protective measures until an official fix is released.

Potential Impact

For European organizations using Anchor CMS 0.12.7, this vulnerability poses a moderate risk primarily to the confidentiality and integrity of administrative sessions. Attackers who gain authenticated access to the CMS backend can embed malicious scripts that execute in the browsers of other administrators or privileged users viewing the compromised pages. This can lead to session hijacking, unauthorized actions performed under the guise of legitimate admins, and potential lateral movement within the CMS environment. Given that Anchor CMS is a lightweight content management system often used by small to medium enterprises, non-profits, and personal websites, the impact may be more pronounced in organizations relying heavily on web presence and administrative integrity. The vulnerability does not directly affect availability but could indirectly cause service disruption if administrative accounts are compromised or if malicious scripts deface content. The lack of known exploits in the wild currently reduces immediate risk, but the public availability of exploit code increases the likelihood of future attacks. European organizations with limited security monitoring or weak internal access controls are particularly vulnerable.

Mitigation Recommendations

1. Restrict administrative access strictly to trusted personnel and enforce strong authentication mechanisms, such as multi-factor authentication (MFA), to reduce the risk of unauthorized page creation.
2. Implement strict input validation and output encoding on the markdown field to sanitize user input and prevent script injection. If possible, deploy a Web Application Firewall (WAF) with rules targeting stored XSS payloads specific to Anchor CMS administrative URLs.
3. Monitor and audit administrative actions and page content changes regularly to detect suspicious script insertions early.
4. Isolate the CMS administrative interface behind VPN or IP allowlists to limit exposure.
5. Until an official patch is released, consider disabling or restricting the markdown input field or the page creation feature for non-essential users.
6. Educate administrators about the risks of XSS and encourage cautious behavior when interacting with CMS content.
7. Follow Anchor CMS official channels for updates and apply patches promptly once available.
8. Consider migrating to a more actively maintained CMS if long-term support for Anchor CMS 0.12.7 is uncertain.
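One way to carry out the content audit in recommendation 3, as an added example that is not Anchor CMS code and not part of the original advisory: it parses each stored markdown body and reports raw HTML that could execute script. The row layout (`slug` and `markdown` keys) and the sample rows are assumptions constructed for illustration, and the check covers raw HTML embedded in the markdown only.

```python
from html.parser import HTMLParser

# Elements and URL attributes that can run script when raw HTML passes through unescaped.
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "svg", "math", "style", "base", "form"}
URL_ATTRS = {"href", "src", "action", "formaction", "data", "xlink:href"}
SCRIPT_SCHEMES = ("javascript:", "vbscript:", "data:text/html")

class ActiveContentFinder(HTMLParser):
    """Collects (line, reason) for HTML in a markdown body that could execute script."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):  # tag and attribute names arrive lowercased
        line = self.getpos()[0]
        if tag in ACTIVE_TAGS:
            self.findings.append((line, f"<{tag}> element"))
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append((line, f"event handler {name}"))
            elif name in URL_ATTRS and value:
                # Ignore whitespace and letter case in the scheme before comparing.
                if "".join(value.split()).lower().startswith(SCRIPT_SCHEMES):
                    self.findings.append((line, f"script URL in {name}"))

def scan_markdown(text):
    finder = ActiveContentFinder()
    finder.feed(text)
    finder.close()
    return finder.findings

def audit_pages(pages):
    """Map slug -> findings for every page whose markdown needs human review."""
    report = {}
    for page in pages:
        hits = scan_markdown(page["markdown"])
        if hits:
            report[page["slug"]] = hits
    return report

# Constructed sample rows standing in for an export of stored pages (hypothetical layout).
SAMPLE_PAGES = [
    {"slug": "about", "markdown": "# About\n\nPlain **markdown** with a [link](https://example.org)."},
    {"slug": "promo", "markdown": "Welcome\n\n<script>alert(document.domain)</script>"},
    {"slug": "contact", "markdown": '<img src="x.png" onerror="void(0)">\n<a href=" JavaScript:void(0)">mail</a>'},
]

if __name__ == "__main__":
    for slug, hits in audit_pages(SAMPLE_PAGES).items():
        print(slug, hits)
```

A hit is a prompt for review rather than a verdict: a page that documents HTML inside a code span or fence is flagged as well, because the scan runs on the stored source, not on the rendered output.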


Technical Details

Edb Id: 52327
Has Exploit Code: true
Code Language: text

Indicators of Compromise

Exploit Source Code

Exploit code for Anchor CMS 0.12.7 - Stored Cross Site Scripting (XSS)

# Exploit Title: Anchor CMS 0.12.7 - Stored Cross Site Scripting (XSS)
# Google Dork: inurl:"/admin/pages/add" "Anchor CMS"
# Date: 2025-06-08
# Exploit Author: /bin/neko
# Vendor Homepage: http://anchorcms.com
# Software Link: https://github.com/anchorcms/anchor-cms
# Version: 0.12.7
# Tested on: Ubuntu 22.04 + Apache2 + PHP 8.1
# CVE: CVE-2025-46041

# Description:
Anchor CMS v0.12.7 suffers from a stored Cross-Site Scripting (XSS) vulnerability
in the `markdown` field of the /admin/pages/add 
... (459 more characters)
Code Length: 959 characters

Threat ID: 684fad5ba8c921274383b10f

Added to database: 6/16/2025, 5:36:27 AM

Last enriched: 6/16/2025, 5:38:28 AM

Last updated: 6/16/2025, 10:50:34 AM
