Vulnerabilities > Flowpaper > Flexpaper

DATE CVE VULNERABILITY TITLE RISK
2019-07-03 CVE-2018-11686 Improper Input Validation vulnerability in Flowpaper Flexpaper
The Publish Service in FlexPaper (later renamed FlowPaper) 2.3.6 allows remote code execution via setup.php and change_config.php.
network
low complexity
flowpaper CWE-20
critical
 9.8
9.8
2017-10-17 CVE-2014-9678 Improper Input Validation vulnerability in Flowpaper Flexpaper
FlexPaperViewer.swf in Flexpaper before 2.3.1 allows remote attackers to conduct content-spoofing attacks via the Swfile parameter.
network
low complexity
flowpaper CWE-20
6.1
6.1
2017-10-17 CVE-2014-9677 Cross-site Scripting vulnerability in Flowpaper Flexpaper
Cross-site scripting (XSS) vulnerability in FlexPaperViewer.swf in Flexpaper before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the Swfile parameter.
network
low complexity
flowpaper CWE-79
6.1
6.1