Flatcore CMS

DATE	CVE	VULNERABILITY TITLE	RISK
2022-11-09	CVE-2022-43118	Cross-site Scripting vulnerability in Flatcore Flatcore-Cms 2.1.0 A cross-site scripting (XSS) vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username text field. network low complexity flatcore CWE-79	6.1
2022-06-16	CVE-2021-41402	Code Injection vulnerability in Flatcore Flatcore-Cms 2.0.8 flatCore-CMS v2.0.8 has a code execution vulnerability, which could let a remote malicious user execute arbitrary PHP code. network low complexity flatcore CWE-94	8.8
2022-06-15	CVE-2021-41403	Server-Side Request Forgery (SSRF) vulnerability in Flatcore Flatcore-Cms 2.0.8 flatCore-CMS version 2.0.8 calls dangerous functions, causing server-side request forgery vulnerabilities. network low complexity flatcore CWE-918 critical	9.8
2022-06-13	CVE-2021-40902	Cross-site Scripting vulnerability in Flatcore Flatcore-Cms 2.0.8 flatCore-CMS version 2.0.8 is affected by Cross Site Scripting (XSS) in the "Create New Page" option through the index page. network low complexity flatcore CWE-79	5.4
2022-06-06	CVE-2021-42245	Cross-site Scripting vulnerability in Flatcore Flatcore-Cms 2.0.9 FlatCore-CMS 2.0.9 has a cross-site scripting (XSS) vulnerability in pages.edit.php through meta tags and content sections. network low complexity flatcore CWE-79	6.1
2021-10-28	CVE-2021-3745	Unspecified vulnerability in Flatcore Flatcore-Cms flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type network high complexity flatcore	6.6
2021-08-23	CVE-2021-39608	Unrestricted Upload of File with Dangerous Type vulnerability in Flatcore Flatcore-Cms 2.0.7 Remote Code Execution (RCE) vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user exeuct arbitrary php code. network low complexity flatcore CWE-434	7.2
2021-08-23	CVE-2021-39609	Cross-site Scripting vulnerability in Flatcore Flatcore-Cms 2.0.7 Cross Site Scripting (XSS) vulnerability exiss in FlatCore-CMS 2.0.7 via the upload image function. network low complexity flatcore CWE-79	5.4
2018-01-10	CVE-2017-1000428	Cross-site Scripting vulnerability in Flatcore Flatcore-Cms 1.4.6 flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string. network low complexity flatcore CWE-79	6.1
2017-05-10	CVE-2017-8868	Path Traversal vulnerability in Flatcore Flatcore-Cms 1.4.7 acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. network low complexity flatcore CWE-22	7.5