Lucene search
K
Flycms ProjectFlycms

19 matches found

CVE
CVE
added 2021/04/01 6:51 p.m.66 views

CVE-2020-19613

CVE-2020-19613 is an SSRF in sunkaifei FlyCMS (version 20190503). Affected component: ImagesService.java, function saveUrlAs. The vulnerability is described across multiple sources as a Server Side Request Forgery affecting FlyCMS, but the connected documents do not provide exploitation details, ...

7.5CVSS7.5AI score0.01258EPSS
CVE
CVE
added 2024/01/01 12:0 a.m.62 views

CVE-2024-21732

The CVE-2024-21732 entry concerns FlyCms using commit abbaa5a, where an XSS flaw is exposed through the permission management feature. The advisory indicates that an attacker can exploit this via a reflected or stored XSS path within the permission management UI, with CVSS v3.1 metrics: AV:N/AC:L...

6.1CVSS5.9AI score0.00427EPSS
CVE
CVE
added 2024/03/04 12:0 a.m.56 views

CVE-2024-27694

Vulnerability summary (CVE-2024-27694): FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) flaw exposed at the endpoint /system/share/ztree_category_edit. Multiple sources indicate the issue stems from inadequate validation of whether a request originates from a trusted user. The Red Hat/CN...

7.4CVSS7.4AI score0.00239EPSS
CVE
CVE
added 2024/01/18 12:0 a.m.55 views

CVE-2024-22699

CVE-2024-22699 affects FlyCms v1.0 and is a Cross-Site Request Forgery (CSRF) vulnerability exposed via the /system/admin/update_group_save endpoint. The CVE’s impact is rated high (CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), with attacker interaction required and no privileges required. The ...

8.8CVSS8.7AI score0.00352EPSS
CVE
CVE
added 2024/01/08 12:0 a.m.49 views

CVE-2023-52074

CVE-2023-52074 affects FlyCms v1.0 with a Cross-Site Request Forgery (CSRF) vulnerability in the component path system/site/webconfig_updagte . Descriptions across sources consistently state CSRF as the issue; the root cause is the CSRF in that component, enabling unauthorized actions to be perfo...

8.8CVSS8.8AI score0.00286EPSS
CVE
CVE
added 2024/01/08 12:0 a.m.46 views

CVE-2023-52073

CVE-2023-52073 affects FlyCms v1.0 with a Cross-Site Request Forgery (CSRF) vulnerability in the component "/system/site/config_footer_updagte". Public sources indicate a high-severity issue (CVSS 3.1: 8.8) allowing unauthorized actions via CSRF, with user interaction required. A practical remedi...

8.8CVSS8.8AI score0.00286EPSS
CVE
CVE
added 2023/05/08 12:0 a.m.45 views

CVE-2020-36065

CVE-2020-36065 (FlyCms 1.0) describes a CSRF vulnerability in the FlyCms 1.0 platform that lets an attacker add arbitrary administrator accounts via the endpoint at system/admin/admin_save. The root cause is a CSRF weakness in the admin creation flow, enabling privilege escalation. Reported impac...

8.8CVSS8.7AI score0.00337EPSS
CVE
CVE
added 2024/01/18 12:0 a.m.44 views

CVE-2024-22817

FlyCms v1.0 is affected by a Cross-Site Request Forgery (CSRF) vulnerability in the /system/email/email_conf_updagte endpoint. The CVE-2024-22817 entry indicates a high-severity issue (CVSS 3.1: 8.8) with network attack vector, low attack complexity, no privileges required, and user interaction r...

8.8CVSS8.7AI score0.00321EPSS
CVE
CVE
added 2024/01/18 12:0 a.m.44 views

CVE-2024-22819

CVE-2024-22819 affects FlyCms v1.0 and is a Cross-Site Request Forgery (CSRF) vulnerability exploitable via the /system/email/email_templets_update endpoint. The issue arises from an unsafe CSRF protection surface on that API, allowing unintended requests to be performed in the context of an auth...

8.8CVSS8.7AI score0.00321EPSS
CVE
CVE
added 2024/01/18 12:0 a.m.43 views

CVE-2024-22568

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability exploitable via /system/score/del. The CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) yields a base score of 8.8 (HIGH), indicating high impact on confidentiality, integrity, and availability. Exploitation status is no...

8.8CVSS8.7AI score0.00286EPSS
CVE
CVE
added 2024/01/18 12:0 a.m.42 views

CVE-2024-22549

FlyCms 1.0 is reported vulnerable to Cross Site Scripting (XSS) in the email settings of the website settings section. The affected component is the email settings area within FlyCms 1.0; the available documents do not provide root-cause specifics or formal patch details. Exploitation status is n...

5.4CVSS5.3AI score0.00379EPSS
CVE
CVE
added 2024/01/18 12:0 a.m.41 views

CVE-2024-22548

Summary: CVE-2024-22548 affects FlyCms 1.0, with a Cross Site Scripting (XSS) vulnerability in the system website settings, specifically the website name field. What’s in scope (from provided docs): The vulnerability is described as XSS in FlyCms 1.0. CVSS v3.1 metrics indicate a base score of 5....

5.4CVSS5.2AI score0.00439EPSS
CVE
CVE
added 2024/01/18 12:0 a.m.41 views

CVE-2024-22591

Summary: CVE-2024-22591 affects FlyCms v1.0 and is a Cross-Site Request Forgery (CSRF) vulnerability exploitable via the /system/user/group_save endpoint. The NVD/Red Hat/CNNVD entries all reinforce the same flaw, with a CVSS v3.1 base score of 8.8 (High impact) and an attack vector of Network wi...

8.8CVSS8.7AI score0.00317EPSS
CVE
CVE
added 2024/01/18 12:0 a.m.41 views

CVE-2024-22592

FlyCms v1.0 is affected by a Cross-Site Request Forgery (CSRF) vulnerability in the /system/user/group_update endpoint. The CVSS metrics indicate a High impact across confidentiality, integrity, and availability with network access, low attack complexity, no privileges required, and user interact...

8.8CVSS8.7AI score0.00324EPSS
CVE
CVE
added 2024/01/18 12:0 a.m.40 views

CVE-2024-22593

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via the endpoint /system/admin/add_group_save. The issue allows forging requests to perform sensitive operations by an authenticated user, with CVSS v3.1 base metrics indicating high impact (C, I, A = High) and user interactio...

8.8CVSS8.8AI score0.00324EPSS
CVE
CVE
added 2024/01/18 12:0 a.m.40 views

CVE-2024-22603

FlyCms v1.0 has a Cross-Site Request Forgery (CSRF) vulnerability exposed at the /system/links/add_link endpoint. The cited CVSS metrics indicate high impact (C/H/I/A) with network attack vector, low attack complexity, no privileges required, but user interaction required. Root cause details are ...

8.8CVSS8.7AI score0.00328EPSS
CVE
CVE
added 2024/01/18 12:0 a.m.38 views

CVE-2024-22601

CVE-2024-22601 concerns FlyCms v1.0 and a CSRF vulnerability exploitable at the API endpoint /system/score/scorerule_save. The connected documents consistently describe a Cross-Site Request Forgery issue in FlyCms 1.0, with the underlying risk indicated as high (CVSS v3.1: AV:N/AC:L/PR:N/UI:R/S:U...

8.8CVSS8.7AI score0.00235EPSS
CVE
CVE
added 2024/01/08 12:0 a.m.37 views

CVE-2023-52072

Affected software/variant: FlyCms v1.0. The vulnerability is a Cross-Site Request Forgery (CSRF) in the component "/system/site/userconfig_updagte". Impact (as stated): allows unauthorized actions to be performed via CSRF, with high-severity metrics (CVSSv3.1 base score 8.8, HIGH). The attack vec...

8.8CVSS8.8AI score0.00286EPSS
CVE
CVE
added 2024/01/18 12:0 a.m.32 views

CVE-2024-22818

CVE-2024-22818 affects FlyCms v1.0 and describes a Cross-Site Request Forgery (CSRF) at the endpoint /system/site/filterKeyword_save . According to the sources, this vulnerability enables unauthorized actions on the affected system when a user is authenticated, with a CVSS harness indicating NETW...

8.8CVSS8.7AI score0.00321EPSS