Vulnerabilities > Flycms Project

DATE CVE VULNERABILITY TITLE RISK
2024-01-18 CVE-2024-22592 Cross-Site Request Forgery (CSRF) vulnerability in Flycms Project Flycms 1.0
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_update
network
low complexity
flycms-project CWE-352
8.8
2024-01-18 CVE-2024-22593 Cross-Site Request Forgery (CSRF) vulnerability in Flycms Project Flycms 1.0
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/add_group_save
network
low complexity
flycms-project CWE-352
8.8
2024-01-08 CVE-2023-52072 Cross-Site Request Forgery (CSRF) vulnerability in Flycms Project Flycms 1.0
FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/userconfig_updagte.
network
low complexity
flycms-project CWE-352
8.8
2024-01-08 CVE-2023-52073 Cross-Site Request Forgery (CSRF) vulnerability in Flycms Project Flycms 1.0
FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/config_footer_updagte.
network
low complexity
flycms-project CWE-352
8.8
2024-01-08 CVE-2023-52074 Cross-Site Request Forgery (CSRF) vulnerability in Flycms Project Flycms 1.0
FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component system/site/webconfig_updagte.
network
low complexity
flycms-project CWE-352
8.8
2024-01-01 CVE-2024-21732 Cross-site Scripting vulnerability in Flycms Project Flycms 1.0
FlyCms through abbaa5a allows XSS via the permission management feature.
network
low complexity
flycms-project CWE-79
6.1
2023-05-08 CVE-2020-36065 Cross-Site Request Forgery (CSRF) vulnerability in Flycms Project Flycms 1.0
Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/admin_save.
network
low complexity
flycms-project CWE-352
8.8
2021-04-01 CVE-2020-19613 Server-Side Request Forgery (SSRF) vulnerability in Flycms Project Flycms 20190503
Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503.
network
low complexity
flycms-project CWE-918
7.5