CVE-2024-24469

Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the deletepost .php...

CVE-2024-24468

Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the addcustomblock.php...

CVE-2024-26351

flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery CSRF via the component /core/tools/updateplace.php...

CVE-2024-26490

A cross-site scripting XSS vulnerability in the Addon JD Simple module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...

CVE-2024-26491

A cross-site scripting XSS vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text field...

CVE-2024-26489

A cross-site scripting XSS vulnerability in the Addon JD Flusity 'Social block links' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Profile Name text field...

CVE-2024-26445

flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery CSRF via the component /core/tools/deleteplace.php...

CVE-2024-26352

flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery CSRF via the component /core/tools/addplaces.php...

CVE-2024-26350

flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery CSRF via the component /core/tools/updatecontactformsettings.php...

CVE-2024-26349

flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery CSRF via the component /core/tools/deletetranslation.php...

CVE-2024-25419

flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery CSRF via the component /core/tools/updatemenu.php...

CVE-2024-33442

An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the addpost.php component...

CVE-2023-5811

A vulnerability, which was classified as problematic, was found in flusity CMS. Affected is the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument menuid leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

CVE-2023-5793

A vulnerability was found in flusity CMS and classified as problematic. This issue affects the function loadCustomBlocCreateForm of the file /core/tools/customblock.php of the component Dashboard. The manipulation of the argument customblockplace leads to cross site scripting. The attack may be...

CVE-2023-5812

A vulnerability has been found in flusity CMS and classified as critical. Affected by this vulnerability is the function handleFileUpload of the file core/tools/upload.php. The manipulation of the argument uploadedfile leads to unrestricted upload. The attack can be launched remotely. The exploit...

CVE-2023-5810

A vulnerability, which was classified as problematic, has been found in flusity CMS. This issue affects the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument editpostid leads to cross site scripting. The attack may be initiated remotely. The exploit has...

CVE-2024-33442

An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the addpost.php component...

CVE-2024-33442

An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the addpost.php component...

CVE-2024-33442

An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the addpost.php component...

CVE-2024-33442

CVE-2024-33442 affects flusity-CMS v.2.33. The issue is a remote code execution vulnerability via the add_post.php component. The vulnerability is described across multiple sources (Red Hat, NVD, osv.dev, CVE lists) with a CVSS v3.1 base score of 4.3 (Medium), network attack vector, low attack co...