CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33442
https://notcve.org/view.php?id=CVE-2024-33442
01 May 2024 — An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_post.php component. Un problema en flusity-CMS v.2.33 permite a un atacante remoto ejecutar código arbitrario a través del componente add_post.php. • https://github.com/summerwayace/cms/blob/main/1.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32418
https://notcve.org/view.php?id=CVE-2024-32418
22 Apr 2024 — An issue in flusity CMS v2.33 allows a remote attacker to execute arbitrary code via the add_addon.php component. Un problema en flusity CMS v2.33 permite a un atacante remoto ejecutar código arbitrario a través del componente add_addon.php. • https://github.com/PWB003/cms/blob/main/1.md • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27757
https://notcve.org/view.php?id=CVE-2024-27757
18 Mar 2024 — flusity CMS through 2.45 allows tools/addons_model.php Gallery Name XSS. The reporter indicates that this product "ceased its development as of February 2024." Flusity CMS hasta 2.45 permite herramientas/addons_model.php Nombre de galería XSS. El reportero indica que este producto “cesó su desarrollo a partir de febrero de 2024”. • https://github.com/jubilianite/flusity-CMS/security/advisories/GHSA-5843-5m74-7fqh • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27680
https://notcve.org/view.php?id=CVE-2024-27680
04 Mar 2024 — Flusity-CMS v2.33 is vulnerable to Cross Site Scripting (XSS) in the "Contact form." • https://github.com/xiaolanjing0/cms/blob/main/4.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27668
https://notcve.org/view.php?id=CVE-2024-27668
04 Mar 2024 — Flusity-CMS v2.33 is affected by: Cross Site Scripting (XSS) in 'Custom Blocks.' • https://github.com/LY102483/cms/blob/main/1.md •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25410
https://notcve.org/view.php?id=CVE-2024-25410
26 Feb 2024 — flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File with Dangerous Type in update_setting.php. flusity-CMS 2.33 es vulnerable a la carga sin restricciones de archivos con tipo peligroso en update_setting.php. • https://github.com/flusity/flusity-CMS/commit/b99de3bd05677e8b61c04a70235faa6001556b3b • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-26445
https://notcve.org/view.php?id=CVE-2024-26445
22 Feb 2024 — flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_place.php Se descubrió que flusity-CMS v2.33 contenía Cross-Site Request Forgery (CSRF) a través del componente /core/tools/delete_place.php • https://github.com/xiaolanjing0/cms/blob/main/1.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-26352
https://notcve.org/view.php?id=CVE-2024-26352
22 Feb 2024 — flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_places.php Se descubrió que flusity-CMS v2.33 contenía Cross-Site Request Forgery (CSRF) a través del componente /core/tools/add_places.php • https://github.com/Icycu123/cms/blob/main/3.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-26491
https://notcve.org/view.php?id=CVE-2024-26491
22 Feb 2024 — A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text field. Una vulnerabilidad de Cross-Site Scripting (XSS) en el módulo adicional JD Flusity 'Galería de medios con descripción' de flusity-CMS v2.33 permite a los atacantes ejecutar script web o HTML arbitrario a través de un payload manipulado inyectado en el campo de ... • https://github.com/2111715623/cms/blob/main/1.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-26349
https://notcve.org/view.php?id=CVE-2024-26349
22 Feb 2024 — flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_translation.php Se descubrió que flusity-CMS v2.33 contenía Cross-Site Request Forgery (CSRF) a través del componente /core/tools/delete_translation.php • https://github.com/Icycu123/cms/blob/main/1.md • CWE-352: Cross-Site Request Forgery (CSRF) •