Flatnux

flatnux

Vendor: Flatnux • 7 CVEs

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2012-4892 1Flatnux 1Flatnux Apr 29, 2026 Sep 10, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 2012-03.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title_en, (2) summary_en, or (3) body_en parameter in a...Show more Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 2012-03.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title_en, (2) summary_en, or (3) body_en parameter in a submitnews action to the news module, a different vulnerability than CVE-2012-4890. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.Show less
CVE-2012-4890 1Flatnux 1Flatnux Apr 29, 2026 Sep 10, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 2011 08.09.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) comment to the news, (2) title to the news, or (3) the f...Show more Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 2011 08.09.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) comment to the news, (2) title to the news, or (3) the folder names in a gallery.Show less
CVE-2012-4878 1Flatnux 1Flatnux Apr 29, 2026 Sep 6, 2012 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Absolute path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action.
CVE-2012-4877 1Flatnux 1Flatnux Apr 29, 2026 Sep 6, 2012 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts.
CVE-2009-0572 1Flatnux 1Flatnux Apr 23, 2026 Feb 13, 2009 N/A· v4 N/A· v3 5.1 MEDIUM· v2 PHP remote file inclusion vulnerability in include/flatnux.php in FlatnuX CMS (aka Flatnuke3) 2009-01-27 and 2009-02-04, when register_globals is enabled and magic_quotes_gpc disabled, allows remote attackers to execute...Show more PHP remote file inclusion vulnerability in include/flatnux.php in FlatnuX CMS (aka Flatnuke3) 2009-01-27 and 2009-02-04, when register_globals is enabled and magic_quotes_gpc disabled, allows remote attackers to execute arbitrary PHP code via a URL in the _FNROOTPATH parameter to (1) index.php and (2) filemanager.php.Show less
CVE-2008-5761 1Flatnux 1Flatnux Apr 23, 2026 Dec 30, 2008 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter to the default URI; (2) the foto param...Show more Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter to the default URI; (2) the foto parameter to photo.php in the 05_Foto module; or (3) the name parameter in an insertrecord action to index.php in the 08_Files module, as demonstrated by injection within a SRC attribute of an IFRAME element.Show less
CVE-2008-5759 1Flatnux 1Flatnux Apr 23, 2026 Dec 30, 2008 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allows remote attackers to inject arbitrary web script or HTML via the name parameter in an updaterecord action to index.php in the 08_Fi...Show more Cross-site scripting (XSS) vulnerability in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allows remote attackers to inject arbitrary web script or HTML via the name parameter in an updaterecord action to index.php in the 08_Files module. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.Show less