flusity-CMS
by flusity
CVEs (19)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-31666 | 0.02 | — | 0.27 | Apr 22, 2024 | An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via a crafted script to the edit_addon_post.php component. | |||
| CVE-2024-25502 | 0.01 | — | 0.11 | Feb 15, 2024 | Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via the download_backup.php component. | |||
| CVE-2024-27680 | 0.00 | — | 0.00 | Mar 4, 2024 | Flusity-CMS v2.33 is vulnerable to Cross Site Scripting (XSS) in the "Contact form." | |||
| CVE-2024-25410 | 0.00 | — | 0.00 | Feb 26, 2024 | flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File with Dangerous Type in update_setting.php. | |||
| CVE-2024-26349 | 0.00 | — | 0.00 | Feb 22, 2024 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_translation.php | |||
| CVE-2024-26352 | 0.00 | — | 0.00 | Feb 22, 2024 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_places.php | |||
| CVE-2024-23094 | 0.00 | — | 0.00 | Feb 22, 2024 | Flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /cover/addons/info_media_gallery/action/edit_addon_post.php | |||
| CVE-2024-26351 | 0.00 | — | 0.00 | Feb 22, 2024 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_place.php | |||
| CVE-2024-26489 | 0.00 | — | 0.00 | Feb 22, 2024 | A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Social block links' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Profile Name text field. | |||
| CVE-2024-26445 | 0.00 | — | 0.00 | Feb 22, 2024 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_place.php | |||
| CVE-2024-26491 | 0.00 | — | 0.00 | Feb 22, 2024 | A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text field. | |||
| CVE-2024-26490 | 0.00 | — | 0.00 | Feb 22, 2024 | A cross-site scripting (XSS) vulnerability in the Addon JD Simple module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field. | |||
| CVE-2024-25417 | 0.00 | — | 0.00 | Feb 11, 2024 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_translation.php. | |||
| CVE-2024-25418 | 0.00 | — | 0.00 | Feb 11, 2024 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_menu.php. | |||
| CVE-2024-25419 | 0.00 | — | 0.00 | Feb 11, 2024 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_menu.php. | |||
| CVE-2024-24469 | 0.00 | — | 0.02 | Feb 5, 2024 | Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the delete_post .php. | |||
| CVE-2024-24468 | 0.00 | — | 0.02 | Feb 5, 2024 | Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_customblock.php. | |||
| CVE-2024-24470 | 0.00 | — | 0.01 | Feb 2, 2024 | Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the update_post.php component. | |||
| CVE-2023-5810 | 0.00 | — | 0.00 | Oct 27, 2023 | A vulnerability, which was classified as problematic, has been found in flusity CMS. This issue affects the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument edit_post_id leads to cross site scripting. The attack may be initiated… |
- CVE-2024-31666Apr 22, 2024risk 0.02cvss —epss 0.27
An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via a crafted script to the edit_addon_post.php component.
- CVE-2024-25502Feb 15, 2024risk 0.01cvss —epss 0.11
Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via the download_backup.php component.
- CVE-2024-27680Mar 4, 2024risk 0.00cvss —epss 0.00
Flusity-CMS v2.33 is vulnerable to Cross Site Scripting (XSS) in the "Contact form."
- CVE-2024-25410Feb 26, 2024risk 0.00cvss —epss 0.00
flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File with Dangerous Type in update_setting.php.
- CVE-2024-26349Feb 22, 2024risk 0.00cvss —epss 0.00
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_translation.php
- CVE-2024-26352Feb 22, 2024risk 0.00cvss —epss 0.00
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_places.php
- CVE-2024-23094Feb 22, 2024risk 0.00cvss —epss 0.00
Flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /cover/addons/info_media_gallery/action/edit_addon_post.php
- CVE-2024-26351Feb 22, 2024risk 0.00cvss —epss 0.00
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_place.php
- CVE-2024-26489Feb 22, 2024risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Social block links' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Profile Name text field.
- CVE-2024-26445Feb 22, 2024risk 0.00cvss —epss 0.00
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_place.php
- CVE-2024-26491Feb 22, 2024risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text field.
- CVE-2024-26490Feb 22, 2024risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability in the Addon JD Simple module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field.
- CVE-2024-25417Feb 11, 2024risk 0.00cvss —epss 0.00
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_translation.php.
- CVE-2024-25418Feb 11, 2024risk 0.00cvss —epss 0.00
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_menu.php.
- CVE-2024-25419Feb 11, 2024risk 0.00cvss —epss 0.00
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_menu.php.
- CVE-2024-24469Feb 5, 2024risk 0.00cvss —epss 0.02
Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the delete_post .php.
- CVE-2024-24468Feb 5, 2024risk 0.00cvss —epss 0.02
Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_customblock.php.
- CVE-2024-24470Feb 2, 2024risk 0.00cvss —epss 0.01
Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the update_post.php component.
- CVE-2023-5810Oct 27, 2023risk 0.00cvss —epss 0.00
A vulnerability, which was classified as problematic, has been found in flusity CMS. This issue affects the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument edit_post_id leads to cross site scripting. The attack may be initiated…