Vulnerabilities > Flatcore > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-16 | CVE-2021-40555 | Cross-site Scripting vulnerability in Flatcore 2.0.7 Cross site scripting (XSS) vulnerability in flatCore-CMS 2.2.15 allows attackers to execute arbitrary code via description field on the new page creation form. | 5.4 |
| 2022-11-09 | CVE-2022-43118 | Cross-site Scripting vulnerability in Flatcore Flatcore-Cms 2.1.0 A cross-site scripting (XSS) vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username text field. | 6.1 |
| 2022-06-16 | CVE-2021-41402 | Code Injection vulnerability in Flatcore Flatcore-Cms 2.0.8 flatCore-CMS v2.0.8 has a code execution vulnerability, which could let a remote malicious user execute arbitrary PHP code. | 6.5 |
| 2022-06-06 | CVE-2021-42245 | Cross-site Scripting vulnerability in Flatcore Flatcore-Cms 2.0.9 FlatCore-CMS 2.0.9 has a cross-site scripting (XSS) vulnerability in pages.edit.php through meta tags and content sections. | 4.3 |
| 2021-10-28 | CVE-2021-3745 | Unrestricted Upload of File with Dangerous Type vulnerability in Flatcore Flatcore-Cms flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type | 6.0 |
| 2021-01-15 | CVE-2021-23837 | SQL Injection vulnerability in Flatcore An issue was discovered in flatCore before 2.0.0 build 139. | 4.0 |
| 2021-01-15 | CVE-2021-23835 | Improper Input Validation vulnerability in Flatcore An issue was discovered in flatCore before 2.0.0 build 139. | 4.0 |
| 2019-07-18 | CVE-2019-13961 | Cross-Site Request Forgery (CSRF) vulnerability in Flatcore A CSRF vulnerability was found in flatCore before 1.5, leading to the upload of arbitrary .php files via acp/core/files.upload-script.php. | 6.8 |
| 2019-03-30 | CVE-2019-10652 | Unrestricted Upload of File with Dangerous Type vulnerability in Flatcore 1.4.7 An issue was discovered in flatCore 1.4.7. | 6.5 |
| 2018-01-10 | CVE-2017-1000428 | Cross-site Scripting vulnerability in Flatcore Flatcore-Cms 1.4.6 flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string. | 4.3 |