Vulnerabilities > Flatnux > Flatnux > 2011.08.09.2

DATE CVE VULNERABILITY TITLE RISK
2012-09-10 CVE-2012-4892 Cross-Site Scripting vulnerability in Flatnux
Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 2012-03.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title_en, (2) summary_en, or (3) body_en parameter in a submitnews action to the news module, a different vulnerability than CVE-2012-4890.
network
flatnux CWE-79
4.3
4.3
2012-09-10 CVE-2012-4890 Cross-Site Scripting vulnerability in Flatnux
Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 2011 08.09.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) comment to the news, (2) title to the news, or (3) the folder names in a gallery.
network
flatnux CWE-79
4.3
4.3
2012-09-06 CVE-2012-4878 Path Traversal vulnerability in Flatnux 201108092
Absolute path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action.
network
low complexity
flatnux CWE-22
5.0
5.0
2012-09-06 CVE-2012-4877 Cross-Site Request Forgery (CSRF) vulnerability in Flatnux
Cross-site request forgery (CSRF) vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts.
network
flatnux CWE-352
6.8
6.8