Vulnerabilities > Flatcore
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-16 | CVE-2021-40555 | Cross-site Scripting vulnerability in Flatcore 2.0.7 Cross site scripting (XSS) vulnerability in flatCore-CMS 2.2.15 allows attackers to execute arbitrary code via description field on the new page creation form. | 5.4 |
| 2022-11-09 | CVE-2022-43118 | Cross-site Scripting vulnerability in Flatcore Flatcore-Cms 2.1.0 A cross-site scripting (XSS) vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username text field. | 6.1 |
| 2022-06-16 | CVE-2021-41402 | Code Injection vulnerability in Flatcore Flatcore-Cms 2.0.8 flatCore-CMS v2.0.8 has a code execution vulnerability, which could let a remote malicious user execute arbitrary PHP code. | 6.5 |
| 2022-06-15 | CVE-2021-41403 | Server-Side Request Forgery (SSRF) vulnerability in Flatcore Flatcore-Cms 2.0.8 flatCore-CMS version 2.0.8 calls dangerous functions, causing server-side request forgery vulnerabilities. | 7.5 |
| 2022-06-13 | CVE-2021-40902 | Cross-site Scripting vulnerability in Flatcore Flatcore-Cms 2.0.8 flatCore-CMS version 2.0.8 is affected by Cross Site Scripting (XSS) in the "Create New Page" option through the index page. | 3.5 |
| 2022-06-06 | CVE-2021-42245 | Cross-site Scripting vulnerability in Flatcore Flatcore-Cms 2.0.9 FlatCore-CMS 2.0.9 has a cross-site scripting (XSS) vulnerability in pages.edit.php through meta tags and content sections. | 4.3 |
| 2021-10-28 | CVE-2021-3745 | Unrestricted Upload of File with Dangerous Type vulnerability in Flatcore Flatcore-Cms flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type | 6.0 |
| 2021-08-23 | CVE-2021-39608 | Unrestricted Upload of File with Dangerous Type vulnerability in Flatcore Flatcore-Cms 2.0.7 Remote Code Execution (RCE) vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user exeuct arbitrary php code. | 9.0 |
| 2021-08-23 | CVE-2021-39609 | Cross-site Scripting vulnerability in Flatcore Flatcore-Cms 2.0.7 Cross Site Scripting (XSS) vulnerability exiss in FlatCore-CMS 2.0.7 via the upload image function. | 3.5 |
| 2021-01-15 | CVE-2021-23838 | Cross-site Scripting vulnerability in Flatcore An issue was discovered in flatCore before 2.0.0 build 139. | 3.5 |