CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-25417
https://notcve.org/view.php?id=CVE-2024-25417
11 Feb 2024 — flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_translation.php. Se descubrió que flusity-CMS v2.33 contenía Cross-Site Request Forgery (CSRF) a través del componente /core/tools/add_translation.php. • https://github.com/Carl0724/cms/blob/main/3.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-25418
https://notcve.org/view.php?id=CVE-2024-25418
11 Feb 2024 — flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_menu.php. Se descubrió que flusity-CMS v2.33 contenía Cross-Site Request Forgery (CSRF) a través del componente /core/tools/delete_menu.php. • https://github.com/Carl0724/cms/blob/main/2.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-25419
https://notcve.org/view.php?id=CVE-2024-25419
11 Feb 2024 — flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_menu.php. Se descubrió que flusity-CMS v2.33 contenía Cross-Site Request Forgery (CSRF) a través del componente /core/tools/update_menu.php. • https://github.com/Carl0724/cms/blob/main/1.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-24468
https://notcve.org/view.php?id=CVE-2024-24468
05 Feb 2024 — Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_customblock.php. Vulnerabilidad de Cross Site Request Forgery en flusity-CMS v.2.33 permite a un atacante remoto ejecutar código arbitrario a través de add_customblock.php. • https://github.com/tang-0717/cms/blob/main/3.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-24469
https://notcve.org/view.php?id=CVE-2024-24469
05 Feb 2024 — Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the delete_post .php. Vulnerabilidad de Cross Site Request Forgery en flusity-CMS v.2.33 permite a un atacante remoto ejecutar código arbitrario a través de delete_post .php. • https://github.com/tang-0717/cms/blob/main/2.md • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-24470
https://notcve.org/view.php?id=CVE-2024-24470
02 Feb 2024 — Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the update_post.php component. Vulnerabilidad de Cross Site Request Forgery en flusity-CMS v.2.33 permite a un atacante remoto ejecutar código arbitrario a través del componente update_post.php. • https://github.com/tang-0717/cms/blob/main/1.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-24524
https://notcve.org/view.php?id=CVE-2024-24524
02 Feb 2024 — Cross Site Request Forgery (CSRF) vulnerability in flusity-CMS v.2.33, allows remote attackers to execute arbitrary code via the add_menu.php component. Cross Site Request Forgery (CSRF) en flusity-CMS v.2.33, permite a atacantes remotos ejecutar código arbitrario a través del componente add_menu.php. • https://github.com/harryrabbit5651/cms/blob/main/1.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5812 – flusity CMS upload.php handleFileUpload unrestricted upload
https://notcve.org/view.php?id=CVE-2023-5812
27 Oct 2023 — A vulnerability has been found in flusity CMS and classified as critical. Affected by this vulnerability is the function handleFileUpload of the file core/tools/upload.php. The manipulation of the argument uploaded_file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/flusity/flusity-CMS/issues/4 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5811 – flusity CMS posts.php loadPostAddForm cross site scripting
https://notcve.org/view.php?id=CVE-2023-5811
27 Oct 2023 — A vulnerability, which was classified as problematic, was found in flusity CMS. Affected is the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument menu_id leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/flusity/flusity-CMS/commit/6943991c62ed87c7a57989a0cb7077316127def8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5810 – flusity CMS posts.php loadPostAddForm cross site scripting
https://notcve.org/view.php?id=CVE-2023-5810
27 Oct 2023 — A vulnerability, which was classified as problematic, has been found in flusity CMS. This issue affects the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument edit_post_id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/flusity/flusity-CMS/commit/6943991c62ed87c7a57989a0cb7077316127def8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •