CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-24524
https://notcve.org/view.php?id=CVE-2024-24524
Cross Site Request Forgery (CSRF) vulnerability in flusity-CMS v.2.33, allows remote attackers to execute arbitrary code via the add_menu.php component. Cross Site Request Forgery (CSRF) en flusity-CMS v.2.33, permite a atacantes remotos ejecutar código arbitrario a través del componente add_menu.php. • https://github.com/harryrabbit5651/cms/blob/main/1.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-24470
https://notcve.org/view.php?id=CVE-2024-24470
Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the update_post.php component. Vulnerabilidad de Cross Site Request Forgery en flusity-CMS v.2.33 permite a un atacante remoto ejecutar código arbitrario a través del componente update_post.php. • https://github.com/tang-0717/cms/blob/main/1.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5812 – flusity CMS upload.php handleFileUpload unrestricted upload
https://notcve.org/view.php?id=CVE-2023-5812
A vulnerability has been found in flusity CMS and classified as critical. Affected by this vulnerability is the function handleFileUpload of the file core/tools/upload.php. The manipulation of the argument uploaded_file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/flusity/flusity-CMS/issues/4 https://vuldb.com/?ctiid.243643 https://vuldb.com/?id.243643 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5811 – flusity CMS posts.php loadPostAddForm cross site scripting
https://notcve.org/view.php?id=CVE-2023-5811
A vulnerability, which was classified as problematic, was found in flusity CMS. Affected is the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument menu_id leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/flusity/flusity-CMS/commit/6943991c62ed87c7a57989a0cb7077316127def8 https://github.com/flusity/flusity-CMS/issues/3 https://vuldb.com/?ctiid.243642 https://vuldb.com/?id.243642 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5810 – flusity CMS posts.php loadPostAddForm cross site scripting
https://notcve.org/view.php?id=CVE-2023-5810
A vulnerability, which was classified as problematic, has been found in flusity CMS. This issue affects the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument edit_post_id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/flusity/flusity-CMS/commit/6943991c62ed87c7a57989a0cb7077316127def8 https://github.com/flusity/flusity-CMS/issues/2 https://vuldb.com/?ctiid.243641 https://vuldb.com/?id.243641 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •