19 matches found
CVE-2020-19613
CVE-2020-19613 is an SSRF in sunkaifei FlyCMS (version 20190503). Affected component: ImagesService.java, function saveUrlAs. The vulnerability is described across multiple sources as a Server Side Request Forgery affecting FlyCMS, but the connected documents do not provide exploitation details, ...
CVE-2024-21732
The CVE-2024-21732 entry concerns FlyCms using commit abbaa5a, where an XSS flaw is exposed through the permission management feature. The advisory indicates that an attacker can exploit this via a reflected or stored XSS path within the permission management UI, with CVSS v3.1 metrics: AV:N/AC:L...
CVE-2024-27694
Vulnerability summary (CVE-2024-27694): FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) flaw exposed at the endpoint /system/share/ztree_category_edit. Multiple sources indicate the issue stems from inadequate validation of whether a request originates from a trusted user. The Red Hat/CN...
CVE-2024-22699
CVE-2024-22699 affects FlyCms v1.0 and is a Cross-Site Request Forgery (CSRF) vulnerability exposed via the /system/admin/update_group_save endpoint. The CVE’s impact is rated high (CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), with attacker interaction required and no privileges required. The ...
CVE-2023-52074
CVE-2023-52074 affects FlyCms v1.0 with a Cross-Site Request Forgery (CSRF) vulnerability in the component path system/site/webconfig_updagte . Descriptions across sources consistently state CSRF as the issue; the root cause is the CSRF in that component, enabling unauthorized actions to be perfo...
CVE-2023-52073
CVE-2023-52073 affects FlyCms v1.0 with a Cross-Site Request Forgery (CSRF) vulnerability in the component "/system/site/config_footer_updagte". Public sources indicate a high-severity issue (CVSS 3.1: 8.8) allowing unauthorized actions via CSRF, with user interaction required. A practical remedi...
CVE-2020-36065
CVE-2020-36065 (FlyCms 1.0) describes a CSRF vulnerability in the FlyCms 1.0 platform that lets an attacker add arbitrary administrator accounts via the endpoint at system/admin/admin_save. The root cause is a CSRF weakness in the admin creation flow, enabling privilege escalation. Reported impac...
CVE-2024-22817
FlyCms v1.0 is affected by a Cross-Site Request Forgery (CSRF) vulnerability in the /system/email/email_conf_updagte endpoint. The CVE-2024-22817 entry indicates a high-severity issue (CVSS 3.1: 8.8) with network attack vector, low attack complexity, no privileges required, and user interaction r...
CVE-2024-22819
CVE-2024-22819 affects FlyCms v1.0 and is a Cross-Site Request Forgery (CSRF) vulnerability exploitable via the /system/email/email_templets_update endpoint. The issue arises from an unsafe CSRF protection surface on that API, allowing unintended requests to be performed in the context of an auth...
CVE-2024-22568
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability exploitable via /system/score/del. The CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) yields a base score of 8.8 (HIGH), indicating high impact on confidentiality, integrity, and availability. Exploitation status is no...
CVE-2024-22549
FlyCms 1.0 is reported vulnerable to Cross Site Scripting (XSS) in the email settings of the website settings section. The affected component is the email settings area within FlyCms 1.0; the available documents do not provide root-cause specifics or formal patch details. Exploitation status is n...
CVE-2024-22548
Summary: CVE-2024-22548 affects FlyCms 1.0, with a Cross Site Scripting (XSS) vulnerability in the system website settings, specifically the website name field. What’s in scope (from provided docs): The vulnerability is described as XSS in FlyCms 1.0. CVSS v3.1 metrics indicate a base score of 5....
CVE-2024-22591
Summary: CVE-2024-22591 affects FlyCms v1.0 and is a Cross-Site Request Forgery (CSRF) vulnerability exploitable via the /system/user/group_save endpoint. The NVD/Red Hat/CNNVD entries all reinforce the same flaw, with a CVSS v3.1 base score of 8.8 (High impact) and an attack vector of Network wi...
CVE-2024-22592
FlyCms v1.0 is affected by a Cross-Site Request Forgery (CSRF) vulnerability in the /system/user/group_update endpoint. The CVSS metrics indicate a High impact across confidentiality, integrity, and availability with network access, low attack complexity, no privileges required, and user interact...
CVE-2024-22593
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via the endpoint /system/admin/add_group_save. The issue allows forging requests to perform sensitive operations by an authenticated user, with CVSS v3.1 base metrics indicating high impact (C, I, A = High) and user interactio...
CVE-2024-22603
FlyCms v1.0 has a Cross-Site Request Forgery (CSRF) vulnerability exposed at the /system/links/add_link endpoint. The cited CVSS metrics indicate high impact (C/H/I/A) with network attack vector, low attack complexity, no privileges required, but user interaction required. Root cause details are ...
CVE-2024-22601
CVE-2024-22601 concerns FlyCms v1.0 and a CSRF vulnerability exploitable at the API endpoint /system/score/scorerule_save. The connected documents consistently describe a Cross-Site Request Forgery issue in FlyCms 1.0, with the underlying risk indicated as high (CVSS v3.1: AV:N/AC:L/PR:N/UI:R/S:U...
CVE-2023-52072
Affected software/variant: FlyCms v1.0. The vulnerability is a Cross-Site Request Forgery (CSRF) in the component "/system/site/userconfig_updagte". Impact (as stated): allows unauthorized actions to be performed via CSRF, with high-severity metrics (CVSSv3.1 base score 8.8, HIGH). The attack vec...
CVE-2024-22818
CVE-2024-22818 affects FlyCms v1.0 and describes a Cross-Site Request Forgery (CSRF) at the endpoint /system/site/filterKeyword_save . According to the sources, this vulnerability enables unauthorized actions on the affected system when a user is authenticated, with a CVSS harness indicating NETW...