Flycms_project Flycms
19 CVEs affecting Flycms_project Flycms. Latest disclosed: 2024-03-04. Critical: 0, High: 16.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-22819 | High | 8.8 | 2024-01-18 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_templets_update. |
CVE-2024-22818 | High | 8.8 | 2024-01-18 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerbility via /system/site/filterKeyword_save |
CVE-2024-22817 | High | 8.8 | 2024-01-18 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_conf_updagte |
CVE-2024-22603 | High | 8.8 | 2024-01-18 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/links/add_link |
CVE-2024-22601 | High | 8.8 | 2024-01-18 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/scorerule_save |
CVE-2024-22699 | High | 8.8 | 2024-01-18 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/update_group_save. |
CVE-2024-22593 | High | 8.8 | 2024-01-18 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/add_group_save |
CVE-2024-22592 | High | 8.8 | 2024-01-18 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_update |
CVE-2024-22591 | High | 8.8 | 2024-01-18 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_save. |
CVE-2024-22568 | High | 8.8 | 2024-01-18 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/del. |
CVE-2023-52074 | High | 8.8 | 2024-01-08 | FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component system/site/webconfig_updagte. |
CVE-2023-52073 | High | 8.8 | 2024-01-08 | FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/config_footer_updagte. |
CVE-2023-52072 | High | 8.8 | 2024-01-08 | FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/userconfig_updagte. |
CVE-2020-36065 | High | 8.8 | 2023-05-08 | Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/admin_save. |
CVE-2020-19613 | High | 7.5 | 2021-04-01 | Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503. |
CVE-2024-27694 | High | 7.4 | 2024-03-04 | FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the /system/share/ztree_category_edit. |
CVE-2024-21732 | Medium | 6.1 | 2024-01-01 | FlyCms through abbaa5a allows XSS via the permission management feature. |
CVE-2024-22549 | Medium | 5.4 | 2024-01-18 | FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the email settings of the website settings section. |
CVE-2024-22548 | Medium | 5.4 | 2024-01-18 | FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the system website settings website name section. |