VYPR

Vendor CVEs

flusity

All CVEs

25 total · sorted by risk
  • CVE-2024-31666CriApr 22, 2024
    risk 0.64cvss 9.8epss 0.02

    An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via a crafted script to the edit_addon_post.php component.

  • CVE-2024-32418CriApr 22, 2024
    risk 0.64cvss 9.8epss 0.01

    An issue in flusity CMS v2.33 allows a remote attacker to execute arbitrary code via the add_addon.php component.

  • CVE-2024-25502CriFeb 15, 2024
    risk 0.64cvss 9.8epss 0.01

    Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via the download_backup.php component.

  • CVE-2024-26352HigFeb 22, 2024
    risk 0.57cvss 8.8epss 0.00

    flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_places.php

  • CVE-2024-23094HigFeb 22, 2024
    risk 0.57cvss 8.8epss 0.00

    Flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /cover/addons/info_media_gallery/action/edit_addon_post.php

  • CVE-2024-25419HigFeb 11, 2024
    risk 0.57cvss 8.8epss 0.00

    flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_menu.php.

  • CVE-2024-25418HigFeb 11, 2024
    risk 0.57cvss 8.8epss 0.00

    flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_menu.php.

  • CVE-2024-25417HigFeb 11, 2024
    risk 0.57cvss 8.8epss 0.00

    flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_translation.php.

  • CVE-2024-24469HigFeb 5, 2024
    risk 0.57cvss 8.8epss 0.01

    Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the delete_post .php.

  • CVE-2024-24468HigFeb 5, 2024
    risk 0.57cvss 8.8epss 0.00

    Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_customblock.php.

  • CVE-2024-24470HigFeb 2, 2024
    risk 0.57cvss 8.8epss 0.01

    Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the update_post.php component.

  • CVE-2024-24524HigFeb 2, 2024
    risk 0.57cvss 8.8epss 0.01

    Cross Site Request Forgery (CSRF) vulnerability in flusity-CMS v.2.33, allows remote attackers to execute arbitrary code via the add_menu.php component.

  • CVE-2024-27757MedMar 18, 2024
    risk 0.40cvss 6.1epss 0.00

    flusity CMS through 2.45 allows tools/addons_model.php Gallery Name XSS. The reporter indicates that this product "ceased its development as of February 2024."

  • CVE-2024-27680MedMar 4, 2024
    risk 0.40cvss 6.1epss 0.00

    Flusity-CMS v2.33 is vulnerable to Cross Site Scripting (XSS) in the "Contact form."

  • CVE-2024-27668MedMar 4, 2024
    risk 0.40cvss 6.1epss 0.00

    Flusity-CMS v2.33 is affected by: Cross Site Scripting (XSS) in 'Custom Blocks.'

  • CVE-2024-26445MedFeb 22, 2024
    risk 0.40cvss 6.1epss 0.00

    flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_place.php

  • CVE-2024-26491MedFeb 22, 2024
    risk 0.40cvss 6.1epss 0.00

    A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text field.

  • CVE-2024-26489MedFeb 22, 2024
    risk 0.40cvss 6.1epss 0.00

    A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Social block links' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Profile Name text field.

  • CVE-2024-26490MedFeb 22, 2024
    risk 0.35cvss 5.4epss 0.00

    A cross-site scripting (XSS) vulnerability in the Addon JD Simple module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field.

  • CVE-2023-5812MedOct 27, 2023
    risk 0.31cvss 4.7epss 0.01

    A vulnerability has been found in flusity CMS and classified as critical. Affected by this vulnerability is the function handleFileUpload of the file core/tools/upload.php. The manipulation of the argument uploaded_file leads to unrestricted upload. The attack can be launched…

  • CVE-2024-33442MedMay 1, 2024
    risk 0.28cvss 4.3epss 0.01

    An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_post.php component.

  • CVE-2024-25410MedFeb 26, 2024
    risk 0.00cvss 6.5epss 0.01

    flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File with Dangerous Type in update_setting.php.

  • CVE-2023-5811LowOct 27, 2023
    risk 0.00cvss 2.4epss 0.01

    A vulnerability, which was classified as problematic, was found in flusity CMS. Affected is the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument menu_id leads to cross site scripting. It is possible to launch the attack remotely. The…

  • CVE-2023-5810LowOct 27, 2023
    risk 0.00cvss 2.4epss 0.00

    A vulnerability, which was classified as problematic, has been found in flusity CMS. This issue affects the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument edit_post_id leads to cross site scripting. The attack may be initiated…

  • CVE-2023-5793LowOct 26, 2023
    risk 0.00cvss 3.5epss 0.00

    A vulnerability was found in flusity CMS and classified as problematic. This issue affects the function loadCustomBlocCreateForm of the file /core/tools/customblock.php of the component Dashboard. The manipulation of the argument customblock_place leads to cross site scripting.…