Product:

Flusity

(Flusity)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 16
Date Id Summary Products Score Patch Annotated
2024-02-02 CVE-2024-24470 Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the update_post.php component. Flusity 8.8
2024-02-11 CVE-2024-25417 flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_translation.php. Flusity 8.8
2024-02-15 CVE-2024-25502 Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via the download_backup.php component. Flusity N/A
2024-02-05 CVE-2024-24468 Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_customblock.php. Flusity 8.8
2024-02-11 CVE-2024-25418 flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_menu.php. Flusity 8.8
2024-02-11 CVE-2024-25419 flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_menu.php. Flusity 8.8
2024-03-18 CVE-2024-27757 flusity CMS through 2.45 allows tools/addons_model.php Gallery Name XSS. The reporter indicates that this product "ceased its development as of February 2024." Flusity N/A
2024-04-22 CVE-2024-32418 An issue in flusity CMS v2.33 allows a remote attacker to execute arbitrary code via the add_addon.php component. Flusity N/A
2024-02-22 CVE-2024-26489 A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Social block links' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Profile Name text field. Flusity 6.1
2024-02-22 CVE-2024-26350 flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_contact_form_settings.php Flusity 8.8