All versions of package anchorme are vulnerable to Cross-site Scripting (XSS) via the main functionality.