flusity
Products
1- 25 CVEs
Recent CVEs
25| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-31666 | Cri | 0.64 | 9.8 | 0.02 | Apr 22, 2024 | An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via a crafted script to the edit_addon_post.php component. | ||
| CVE-2024-32418 | Cri | 0.64 | 9.8 | 0.01 | Apr 22, 2024 | An issue in flusity CMS v2.33 allows a remote attacker to execute arbitrary code via the add_addon.php component. | ||
| CVE-2024-25502 | Cri | 0.64 | 9.8 | 0.01 | Feb 15, 2024 | Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via the download_backup.php component. | ||
| CVE-2024-26352 | Hig | 0.57 | 8.8 | 0.00 | Feb 22, 2024 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_places.php | ||
| CVE-2024-23094 | Hig | 0.57 | 8.8 | 0.00 | Feb 22, 2024 | Flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /cover/addons/info_media_gallery/action/edit_addon_post.php | ||
| CVE-2024-25419 | Hig | 0.57 | 8.8 | 0.00 | Feb 11, 2024 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_menu.php. | ||
| CVE-2024-25418 | Hig | 0.57 | 8.8 | 0.00 | Feb 11, 2024 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_menu.php. | ||
| CVE-2024-25417 | Hig | 0.57 | 8.8 | 0.00 | Feb 11, 2024 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_translation.php. | ||
| CVE-2024-24469 | Hig | 0.57 | 8.8 | 0.01 | Feb 5, 2024 | Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the delete_post .php. | ||
| CVE-2024-24468 | Hig | 0.57 | 8.8 | 0.00 | Feb 5, 2024 | Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_customblock.php. | ||
| CVE-2024-24470 | Hig | 0.57 | 8.8 | 0.01 | Feb 2, 2024 | Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the update_post.php component. | ||
| CVE-2024-24524 | Hig | 0.57 | 8.8 | 0.01 | Feb 2, 2024 | Cross Site Request Forgery (CSRF) vulnerability in flusity-CMS v.2.33, allows remote attackers to execute arbitrary code via the add_menu.php component. | ||
| CVE-2024-27757 | Med | 0.40 | 6.1 | 0.00 | Mar 18, 2024 | flusity CMS through 2.45 allows tools/addons_model.php Gallery Name XSS. The reporter indicates that this product "ceased its development as of February 2024." | ||
| CVE-2024-27680 | Med | 0.40 | 6.1 | 0.00 | Mar 4, 2024 | Flusity-CMS v2.33 is vulnerable to Cross Site Scripting (XSS) in the "Contact form." | ||
| CVE-2024-27668 | Med | 0.40 | 6.1 | 0.00 | Mar 4, 2024 | Flusity-CMS v2.33 is affected by: Cross Site Scripting (XSS) in 'Custom Blocks.' | ||
| CVE-2024-26445 | Med | 0.40 | 6.1 | 0.00 | Feb 22, 2024 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_place.php | ||
| CVE-2024-26491 | Med | 0.40 | 6.1 | 0.00 | Feb 22, 2024 | A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text field. | ||
| CVE-2024-26489 | Med | 0.40 | 6.1 | 0.00 | Feb 22, 2024 | A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Social block links' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Profile Name text field. | ||
| CVE-2024-26490 | Med | 0.35 | 5.4 | 0.00 | Feb 22, 2024 | A cross-site scripting (XSS) vulnerability in the Addon JD Simple module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field. | ||
| CVE-2023-5812 | Med | 0.31 | 4.7 | 0.01 | Oct 27, 2023 | A vulnerability has been found in flusity CMS and classified as critical. Affected by this vulnerability is the function handleFileUpload of the file core/tools/upload.php. The manipulation of the argument uploaded_file leads to unrestricted upload. The attack can be launched… |
- risk 0.64cvss 9.8epss 0.02
An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via a crafted script to the edit_addon_post.php component.
- risk 0.64cvss 9.8epss 0.01
An issue in flusity CMS v2.33 allows a remote attacker to execute arbitrary code via the add_addon.php component.
- risk 0.64cvss 9.8epss 0.01
Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via the download_backup.php component.
- risk 0.57cvss 8.8epss 0.00
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_places.php
- risk 0.57cvss 8.8epss 0.00
Flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /cover/addons/info_media_gallery/action/edit_addon_post.php
- risk 0.57cvss 8.8epss 0.00
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_menu.php.
- risk 0.57cvss 8.8epss 0.00
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_menu.php.
- risk 0.57cvss 8.8epss 0.00
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_translation.php.
- risk 0.57cvss 8.8epss 0.01
Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the delete_post .php.
- risk 0.57cvss 8.8epss 0.00
Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_customblock.php.
- risk 0.57cvss 8.8epss 0.01
Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the update_post.php component.
- risk 0.57cvss 8.8epss 0.01
Cross Site Request Forgery (CSRF) vulnerability in flusity-CMS v.2.33, allows remote attackers to execute arbitrary code via the add_menu.php component.
- risk 0.40cvss 6.1epss 0.00
flusity CMS through 2.45 allows tools/addons_model.php Gallery Name XSS. The reporter indicates that this product "ceased its development as of February 2024."
- risk 0.40cvss 6.1epss 0.00
Flusity-CMS v2.33 is vulnerable to Cross Site Scripting (XSS) in the "Contact form."
- risk 0.40cvss 6.1epss 0.00
Flusity-CMS v2.33 is affected by: Cross Site Scripting (XSS) in 'Custom Blocks.'
- risk 0.40cvss 6.1epss 0.00
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_place.php
- risk 0.40cvss 6.1epss 0.00
A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text field.
- risk 0.40cvss 6.1epss 0.00
A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Social block links' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Profile Name text field.
- risk 0.35cvss 5.4epss 0.00
A cross-site scripting (XSS) vulnerability in the Addon JD Simple module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field.
- risk 0.31cvss 4.7epss 0.01
A vulnerability has been found in flusity CMS and classified as critical. Affected by this vulnerability is the function handleFileUpload of the file core/tools/upload.php. The manipulation of the argument uploaded_file leads to unrestricted upload. The attack can be launched…