Flycms_project Flycms

19 CVEs affecting Flycms_project Flycms. Latest disclosed: 2024-03-04. Critical: 0, High: 16.

Top CVEs affecting Flycms_project Flycms
CVESeverityScorePublishedSummary
CVE-2024-22819High8.82024-01-18FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_templets_update.
CVE-2024-22818High8.82024-01-18FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerbility via /system/site/filterKeyword_save
CVE-2024-22817High8.82024-01-18FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_conf_updagte
CVE-2024-22603High8.82024-01-18FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/links/add_link
CVE-2024-22601High8.82024-01-18FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/scorerule_save
CVE-2024-22699High8.82024-01-18FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/update_group_save.
CVE-2024-22593High8.82024-01-18FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/add_group_save
CVE-2024-22592High8.82024-01-18FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_update
CVE-2024-22591High8.82024-01-18FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_save.
CVE-2024-22568High8.82024-01-18FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/del.
CVE-2023-52074High8.82024-01-08FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component system/site/webconfig_updagte.
CVE-2023-52073High8.82024-01-08FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/config_footer_updagte.
CVE-2023-52072High8.82024-01-08FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/userconfig_updagte.
CVE-2020-36065High8.82023-05-08Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/admin_save.
CVE-2020-19613High7.52021-04-01Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503.
CVE-2024-27694High7.42024-03-04FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the /system/share/ztree_category_edit.
CVE-2024-21732Medium6.12024-01-01FlyCms through abbaa5a allows XSS via the permission management feature.
CVE-2024-22549Medium5.42024-01-18FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the email settings of the website settings section.
CVE-2024-22548Medium5.42024-01-18FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the system website settings website name section.