CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

16 Feb 2023 — Cross site scripting (XSS) vulnerability in flatCore-CMS 2.2.15 allows attackers to execute arbitrary code via description field on the new page creation form. • https://github.com/flatCore/flatCore-CMS/issues/56 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

09 Nov 2022 — A cross-site scripting (XSS) vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username text field. • https://github.com/flatCore/flatCore-CMS/issues/86 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

16 Jun 2022 — flatCore-CMS v2.0.8 has a code execution vulnerability, which could let a remote malicious user execute arbitrary PHP code. • https://github.com/flatCore/flatCore-CMS/issues/59 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

15 Jun 2022 — flatCore-CMS version 2.0.8 calls dangerous functions, causing server-side request forgery vulnerabilities. • https://github.com/flatCore/flatCore-CMS/issues/60 • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

13 Jun 2022 — flatCore-CMS version 2.0.8 is affected by Cross Site Scripting (XSS) in the "Create New Page" option through the index page. • https://github.com/flatCore/flatCore-CMS/issues/57 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

06 Jun 2022 — FlatCore-CMS 2.0.9 has a cross-site scripting (XSS) vulnerability in pages.edit.php through meta tags and content sections. • https://github.com/flatCore/flatCore-CMS/issues/69 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

28 Oct 2021 — flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type. • https://github.com/flatcore/flatcore-cms/commit/5cc3937b6bc38293ec921a5cf00018b48b668dc6 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 3

23 Aug 2021 — Cross Site Scripting (XSS) vulnerability exists in FlatCore-CMS 2.0.7 via the upload image function. • https://github.com/flatCore/flatCore-CMS/issues/53 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.0 • EPSS: 3% • CPEs: 1 • EXPL: 4

23 Aug 2021 — Remote Code Execution (RCE) vulnerability exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user execute arbitrary PHP code. • https://packetstorm.news/files/id/164047 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 6.5 • EPSS: 1% • CPEs: 1 • EXPL: 2

13 Jan 2021 — An issue was discovered in flatCore before 2.0.0 build 139. A time-based blind SQL injection was identified in the selected_folder HTTP request body parameter for the acp interface. The affected parameter (which retrieves the file contents of the specified folder) was found to be accepting malicious user input without proper sanitization, thus leading to SQL injection. Database related information can be successfully retrieved. • https://packetstorm.news/files/id/160936 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')