Vulnerabilities > Flowpaper > Flexpaper > 2.2.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-03 | CVE-2018-11686 | Improper Input Validation vulnerability in Flowpaper Flexpaper The Publish Service in FlexPaper (later renamed FlowPaper) 2.3.6 allows remote code execution via setup.php and change_config.php. | 7.5 |
| 2017-10-17 | CVE-2014-9678 | Improper Input Validation vulnerability in Flowpaper Flexpaper FlexPaperViewer.swf in Flexpaper before 2.3.1 allows remote attackers to conduct content-spoofing attacks via the Swfile parameter. | 4.3 |
| 2017-10-17 | CVE-2014-9677 | Cross-site Scripting vulnerability in Flowpaper Flexpaper Cross-site scripting (XSS) vulnerability in FlexPaperViewer.swf in Flexpaper before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the Swfile parameter. | 4.3 |