CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5812 – flusity CMS upload.php handleFileUpload unrestricted upload
https://notcve.org/view.php?id=CVE-2023-5812
27 Oct 2023 — A vulnerability has been found in flusity CMS and classified as critical. Affected by this vulnerability is the function handleFileUpload of the file core/tools/upload.php. The manipulation of the argument uploaded_file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/flusity/flusity-CMS/issues/4 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5811 – flusity CMS posts.php loadPostAddForm cross site scripting
https://notcve.org/view.php?id=CVE-2023-5811
27 Oct 2023 — A vulnerability, which was classified as problematic, was found in flusity CMS. Affected is the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument menu_id leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/flusity/flusity-CMS/commit/6943991c62ed87c7a57989a0cb7077316127def8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5810 – flusity CMS posts.php loadPostAddForm cross site scripting
https://notcve.org/view.php?id=CVE-2023-5810
27 Oct 2023 — A vulnerability, which was classified as problematic, has been found in flusity CMS. This issue affects the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument edit_post_id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/flusity/flusity-CMS/commit/6943991c62ed87c7a57989a0cb7077316127def8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •