Vulnerabilities > Fiyo > Fiyo CMS > 2.0.6.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-17 | CVE-2020-35373 | Cross-site Scripting vulnerability in Fiyo CMS 2.0.6.1 In Fiyo CMS 2.0.6.1, the 'tag' parameter results in an unauthenticated XSS attack. | 6.1 |
| 2017-03-12 | CVE-2017-6823 | Authentication Bypass by Capture-replay vulnerability in Fiyo CMS 2.0.6.1 Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action. | 6.5 |