FlyCms
by FlyCms
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-22819 | Hig | 0.57 | 8.8 | 0.00 | Jan 18, 2024 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_templets_update. | ||
| CVE-2024-22818 | Hig | 0.57 | 8.8 | 0.00 | Jan 18, 2024 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerbility via /system/site/filterKeyword_save | ||
| CVE-2024-22817 | Hig | 0.57 | 8.8 | 0.00 | Jan 18, 2024 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_conf_updagte | ||
| CVE-2024-22603 | Hig | 0.57 | 8.8 | 0.00 | Jan 18, 2024 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/links/add_link | ||
| CVE-2024-22601 | Hig | 0.57 | 8.8 | 0.00 | Jan 18, 2024 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/scorerule_save | ||
| CVE-2024-22593 | Hig | 0.57 | 8.8 | 0.00 | Jan 18, 2024 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/add_group_save | ||
| CVE-2024-22592 | Hig | 0.57 | 8.8 | 0.00 | Jan 18, 2024 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_update | ||
| CVE-2024-22591 | Hig | 0.57 | 8.8 | 0.00 | Jan 18, 2024 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_save. | ||
| CVE-2024-22568 | Hig | 0.57 | 8.8 | 0.00 | Jan 18, 2024 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/del. | ||
| CVE-2023-52072 | Hig | 0.57 | 8.8 | 0.00 | Jan 8, 2024 | FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/userconfig_updagte. | ||
| CVE-2020-36065 | Hig | 0.57 | 8.8 | 0.00 | May 8, 2023 | Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/admin_save. | ||
| CVE-2024-22549 | Med | 0.35 | 5.4 | 0.00 | Jan 18, 2024 | FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the email settings of the website settings section. | ||
| CVE-2024-22548 | Med | 0.35 | 5.4 | 0.00 | Jan 18, 2024 | FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the system website settings website name section. |
- risk 0.57cvss 8.8epss 0.00
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_templets_update.
- risk 0.57cvss 8.8epss 0.00
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerbility via /system/site/filterKeyword_save
- risk 0.57cvss 8.8epss 0.00
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_conf_updagte
- risk 0.57cvss 8.8epss 0.00
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/links/add_link
- risk 0.57cvss 8.8epss 0.00
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/scorerule_save
- risk 0.57cvss 8.8epss 0.00
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/add_group_save
- risk 0.57cvss 8.8epss 0.00
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_update
- risk 0.57cvss 8.8epss 0.00
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_save.
- risk 0.57cvss 8.8epss 0.00
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/del.
- risk 0.57cvss 8.8epss 0.00
FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/userconfig_updagte.
- risk 0.57cvss 8.8epss 0.00
Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/admin_save.
- risk 0.35cvss 5.4epss 0.00
FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the email settings of the website settings section.
- risk 0.35cvss 5.4epss 0.00
FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the system website settings website name section.