Batflat CMS
by sruupl
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-41652 | Hig | 0.49 | 7.5 | 0.01 | Mar 1, 2022 | Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allows attackers to dump the entire database. | ||
| CVE-2021-27679 | Med | 0.35 | 5.4 | 0.01 | Mar 11, 2021 | Cross-site scripting (XSS) vulnerability in Navigation in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name. | ||
| CVE-2021-27678 | Med | 0.35 | 5.4 | 0.01 | Mar 11, 2021 | Cross-site scripting (XSS) vulnerability in Snippets in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name. |
- risk 0.49cvss 7.5epss 0.01
Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allows attackers to dump the entire database.
- risk 0.35cvss 5.4epss 0.01
Cross-site scripting (XSS) vulnerability in Navigation in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name.
- risk 0.35cvss 5.4epss 0.01
Cross-site scripting (XSS) vulnerability in Snippets in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name.