Flycms
by Sunkaifei
CVEs (19)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-15094 | | Med | 0.28 | 4.3 | 0.00 | | Dec 26, 2025 | A weakness has been identified in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The impacted element is the function userLogin of the file src/main/java/com/flycms/web/front/UserController.java of the component User Login. Executing a manipulation of the… |
| CVE-2025-15093 | | Med | 0.28 | 4.3 | 0.00 | | Dec 26, 2025 | A security flaw has been discovered in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The affected element is an unknown function of the file src/main/java/com/flycms/web/system/IndexAdminController.java of the component Admin Login. Performing a manipulation… |
| CVE-2024-27694 | | | 0.00 | — | 0.00 | | Mar 4, 2024 | FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the /system/share/ztree_category_edit. |
| CVE-2024-22939 | | | 0.00 | — | 0.01 | | Feb 1, 2024 | Cross Site Request Forgery vulnerability in FlyCms v.1.0 allows a remote attacker to execute arbitrary code via the system/article/category_edit component. |
| CVE-2024-22548 | | | 0.00 | — | 0.00 | | Jan 18, 2024 | FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the system website settings website name section. |
| CVE-2024-22699 | | | 0.00 | — | 0.00 | | Jan 18, 2024 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/update_group_save. |
| CVE-2024-22591 | | | 0.00 | — | 0.00 | | Jan 18, 2024 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_save. |
| CVE-2024-22819 | | | 0.00 | — | 0.00 | | Jan 18, 2024 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_templets_update. |
| CVE-2024-22601 | | | 0.00 | — | 0.00 | | Jan 18, 2024 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/scorerule_save |
| CVE-2024-22568 | | | 0.00 | — | 0.00 | | Jan 18, 2024 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/del. |
| CVE-2024-22592 | | | 0.00 | — | 0.00 | | Jan 18, 2024 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_update |
| CVE-2024-22817 | | | 0.00 | — | 0.00 | | Jan 18, 2024 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_conf_updagte |
| CVE-2024-22593 | | | 0.00 | — | 0.00 | | Jan 18, 2024 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/add_group_save |
| CVE-2024-22549 | | | 0.00 | — | 0.00 | | Jan 18, 2024 | FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the email settings of the website settings section. |
| CVE-2023-52074 | | | 0.00 | — | 0.00 | | Jan 8, 2024 | FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component system/site/webconfig_updagte. |
| CVE-2023-52073 | | | 0.00 | — | 0.00 | | Jan 8, 2024 | FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/config_footer_updagte. |
| CVE-2023-52072 | | | 0.00 | — | 0.00 | | Jan 8, 2024 | FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/userconfig_updagte. |
| CVE-2024-21732 | | | 0.00 | — | 0.00 | | Jan 1, 2024 | FlyCms through abbaa5a allows XSS via the permission management feature. |
| CVE-2020-19613 | | | 0.00 | — | 0.01 | | Apr 1, 2021 | Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503. |