Vulnerabilities > Flatcore > Flatcore CMS > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-09 | CVE-2022-43118 | Cross-site Scripting vulnerability in Flatcore Flatcore-Cms 2.1.0 A cross-site scripting (XSS) vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username text field. | 6.1 |
| 2022-06-13 | CVE-2021-40902 | Cross-site Scripting vulnerability in Flatcore Flatcore-Cms 2.0.8 flatCore-CMS version 2.0.8 is affected by Cross Site Scripting (XSS) in the "Create New Page" option through the index page. | 5.4 |
| 2022-06-06 | CVE-2021-42245 | Cross-site Scripting vulnerability in Flatcore Flatcore-Cms 2.0.9 FlatCore-CMS 2.0.9 has a cross-site scripting (XSS) vulnerability in pages.edit.php through meta tags and content sections. | 6.1 |
| 2021-10-28 | CVE-2021-3745 | Unspecified vulnerability in Flatcore Flatcore-Cms flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type | 6.6 |
| 2021-08-23 | CVE-2021-39609 | Cross-site Scripting vulnerability in Flatcore Flatcore-Cms 2.0.7 Cross Site Scripting (XSS) vulnerability exiss in FlatCore-CMS 2.0.7 via the upload image function. | 5.4 |
| 2018-01-10 | CVE-2017-1000428 | Cross-site Scripting vulnerability in Flatcore Flatcore-Cms 1.4.6 flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string. | 6.1 |