3 matches found
CVE-2018-11686
CVE-2018-11686 affects FlexPaper/FlowPaper 2.3.6 . The Publish Service allows remote code execution via setup.php and change_config.php , enabling unauthenticated attackers to run arbitrary code on the server and potentially compromise the host and all hosted documents. Remediation: upgrade to Fl...
CVE-2014-9677
CVE-2014-9677 is an XSS in FlexPaperViewer.swf (Flexpaper) prior to 2.3.1. The vulnerability arises in the FlexPaperViewer.swf component via the Swfile parameter, allowing remote attackers to inject arbitrary web script/HTML. Connected CNVD entry confirms FlexPaper before 2.3.1 as affected; CNVD-...
CVE-2014-9678
The vulnerability CVE-2014-9678 affects FlexPaperViewer.swf in Flexpaper up to version 2.3.1. A remote attacker can abuse the Swfile parameter to perform content-spoofing, as described by multiple sources (CVE-2014-9678 and related CNVD/CVE entries). The root cause is insecure handling of the Swf...