CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-26489
https://notcve.org/view.php?id=CVE-2024-26489
22 Feb 2024 — A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Social block links' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Profile Name text field. Una vulnerabilidad de Cross-Site Scripting (XSS) en Addon JD Flusity 'Social block links' module of flusity-CMS v2.33 permite a los atacantes ejecutar script web o HTML arbitrario a través de un payload manipulado inyectado en el campo de texto Nombre del perfil. • https://github.com/2111715623/cms/blob/main/3.md •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25502
https://notcve.org/view.php?id=CVE-2024-25502
15 Feb 2024 — Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via the download_backup.php component. Vulnerabilidad de Directory Traversal en flusity CMS v.2.4 permite a un atacante remoto ejecutar código arbitrario y obtener información confidencial a través del componente download_backup.php. • https://github.com/flusity/flusity-CMS/issues/10 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-25417
https://notcve.org/view.php?id=CVE-2024-25417
11 Feb 2024 — flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_translation.php. Se descubrió que flusity-CMS v2.33 contenía Cross-Site Request Forgery (CSRF) a través del componente /core/tools/add_translation.php. • https://github.com/Carl0724/cms/blob/main/3.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-25418
https://notcve.org/view.php?id=CVE-2024-25418
11 Feb 2024 — flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_menu.php. Se descubrió que flusity-CMS v2.33 contenía Cross-Site Request Forgery (CSRF) a través del componente /core/tools/delete_menu.php. • https://github.com/Carl0724/cms/blob/main/2.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-25419
https://notcve.org/view.php?id=CVE-2024-25419
11 Feb 2024 — flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_menu.php. Se descubrió que flusity-CMS v2.33 contenía Cross-Site Request Forgery (CSRF) a través del componente /core/tools/update_menu.php. • https://github.com/Carl0724/cms/blob/main/1.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-24468
https://notcve.org/view.php?id=CVE-2024-24468
05 Feb 2024 — Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_customblock.php. Vulnerabilidad de Cross Site Request Forgery en flusity-CMS v.2.33 permite a un atacante remoto ejecutar código arbitrario a través de add_customblock.php. • https://github.com/tang-0717/cms/blob/main/3.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-24469
https://notcve.org/view.php?id=CVE-2024-24469
05 Feb 2024 — Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the delete_post .php. Vulnerabilidad de Cross Site Request Forgery en flusity-CMS v.2.33 permite a un atacante remoto ejecutar código arbitrario a través de delete_post .php. • https://github.com/tang-0717/cms/blob/main/2.md • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-24470
https://notcve.org/view.php?id=CVE-2024-24470
02 Feb 2024 — Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the update_post.php component. Vulnerabilidad de Cross Site Request Forgery en flusity-CMS v.2.33 permite a un atacante remoto ejecutar código arbitrario a través del componente update_post.php. • https://github.com/tang-0717/cms/blob/main/1.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-24524
https://notcve.org/view.php?id=CVE-2024-24524
02 Feb 2024 — Cross Site Request Forgery (CSRF) vulnerability in flusity-CMS v.2.33, allows remote attackers to execute arbitrary code via the add_menu.php component. Cross Site Request Forgery (CSRF) en flusity-CMS v.2.33, permite a atacantes remotos ejecutar código arbitrario a través del componente add_menu.php. • https://github.com/harryrabbit5651/cms/blob/main/1.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5812 – flusity CMS upload.php handleFileUpload unrestricted upload
https://notcve.org/view.php?id=CVE-2023-5812
27 Oct 2023 — A vulnerability has been found in flusity CMS and classified as critical. Affected by this vulnerability is the function handleFileUpload of the file core/tools/upload.php. The manipulation of the argument uploaded_file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/flusity/flusity-CMS/issues/4 • CWE-434: Unrestricted Upload of File with Dangerous Type •