CVE Tools

flatcore

Web & CMS Pluginsoss-project

10

Cumulative CVEs

3

Monthly snapshots

#87

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting flatcore.

CVE-2021-40555Cross site scripting (XSS) vulnerability in flatCore-CMS 2.2.15 allows attackers to execute arbitrary code via description field on the new page creation form.5.4Feb 16, 2023
CVE-2022-43118A cross-site scripting (XSS) vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username text field.6.1Nov 9, 2022
CVE-2021-41402flatCore-CMS v2.0.8 has a code execution vulnerability, which could let a remote malicious user execute arbitrary PHP code.8.8Jun 16, 2022
CVE-2021-41403flatCore-CMS version 2.0.8 calls dangerous functions, causing server-side request forgery vulnerabilities.9.8Jun 15, 2022
CVE-2021-40902flatCore-CMS version 2.0.8 is affected by Cross Site Scripting (XSS) in the "Create New Page" option through the index page.5.4Jun 13, 2022
CVE-2021-42245FlatCore-CMS 2.0.9 has a cross-site scripting (XSS) vulnerability in pages.edit.php through meta tags and content sections.6.1Jun 6, 2022
CVE-2021-3745Unrestricted Upload of File with Dangerous Type in flatcore/flatcore-cms6.6Oct 28, 2021
CVE-2021-39609Cross Site Scripting (XSS) vulnerability exiss in FlatCore-CMS 2.0.7 via the upload image function.5.4Aug 23, 2021
CVE-2021-39608Remote Code Execution (RCE) vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user exeuct arbitrary php code.7.2Aug 23, 2021
CVE-2021-23838An issue was discovered in flatCore before 2.0.0 build 139. A reflected XSS vulnerability was identified in the media_filter HTTP request body parameter for the acp interface. The affected paramete...4.8Jan 15, 2021
CVE-2021-23837An issue was discovered in flatCore before 2.0.0 build 139. A time-based blind SQL injection was identified in the selected_folder HTTP request body parameter for the acp interface. The affected pa...6.5Jan 15, 2021
CVE-2021-23836An issue was discovered in flatCore before 2.0.0 build 139. A stored XSS vulnerability was identified in the prefs_smtp_psw HTTP request body parameter for the acp interface. An admin user can inje...4.8Jan 15, 2021
CVE-2021-23835An issue was discovered in flatCore before 2.0.0 build 139. A local file disclosure vulnerability was identified in the docs_file HTTP request body parameter for the acp interface. This can be expl...4.9Jan 15, 2021
CVE-2020-17451flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pages&sub=edit&editpage=1 page_linkname, page_title, page_content, or page_extracontent parameter, or the acp/acp.php?tn=system&s...4.8Aug 9, 2020
CVE-2020-17452flatCore before 1.5.7 allows upload and execution of a .php file by an admin.7.2Aug 9, 2020