CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-40555
https://notcve.org/view.php?id=CVE-2021-40555
16 Feb 2023 — Cross site scripting (XSS) vulnerability in flatCore-CMS 2.2.15 allows attackers to execute arbitrary code via description field on the new page creation form. • https://github.com/flatCore/flatCore-CMS/issues/56 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 3CVE-2021-39609
https://notcve.org/view.php?id=CVE-2021-39609
23 Aug 2021 — Cross Site Scripting (XSS) vulnerability exiss in FlatCore-CMS 2.0.7 via the upload image function. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en FlatCore-CMS versión 2.0.7, por medio de la función upload image. • https://github.com/flatCore/flatCore-CMS/issues/53 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 3%CPEs: 1EXPL: 4CVE-2021-39608 – FlatCore CMS 2.0.7 - Remote Code Execution (RCE) (Authenticated)
https://notcve.org/view.php?id=CVE-2021-39608
23 Aug 2021 — Remote Code Execution (RCE) vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user exeuct arbitrary php code. Se presenta una vulnerabilidad de ejecución de código remota (RCE) en FlatCore-CMS versión 2.0.7, por medio del plugin upload addon, que podría permitir a un usuario remoto malicioso ejecutar código php arbitrario. • https://packetstorm.news/files/id/164047 • CWE-434: Unrestricted Upload of File with Dangerous Type •