Vulnerabilities > Flatnux > Flatnux > 2009.01.27
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-09-10 | CVE-2012-4892 | Cross-Site Scripting vulnerability in Flatnux Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 2012-03.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title_en, (2) summary_en, or (3) body_en parameter in a submitnews action to the news module, a different vulnerability than CVE-2012-4890. | 4.3 |
| 2012-09-10 | CVE-2012-4890 | Cross-Site Scripting vulnerability in Flatnux Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 2011 08.09.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) comment to the news, (2) title to the news, or (3) the folder names in a gallery. | 4.3 |
| 2012-09-06 | CVE-2012-4877 | Cross-Site Request Forgery (CSRF) vulnerability in Flatnux Cross-site request forgery (CSRF) vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts. | 6.8 |
| 2009-02-13 | CVE-2009-0572 | Code Injection vulnerability in Flatnux 20090127/20090204 PHP remote file inclusion vulnerability in include/flatnux.php in FlatnuX CMS (aka Flatnuke3) 2009-01-27 and 2009-02-04, when register_globals is enabled and magic_quotes_gpc disabled, allows remote attackers to execute arbitrary PHP code via a URL in the _FNROOTPATH parameter to (1) index.php and (2) filemanager.php. | 5.1 |