Flycms

flycms

CVEs (19)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-27694 1Flycms Project 1Flycms Apr 16, 2025 Mar 4, 2024 N/A· v4 7.4 HIGH· v3 N/A· v2 FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the /system/share/ztree_category_edit.
CVE-2024-22819 1Flycms Project 1Flycms Jun 2, 2025 Jan 18, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_templets_update.
CVE-2024-22818 1Flycms Project 1Flycms Jun 9, 2025 Jan 18, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerbility via /system/site/filterKeyword_save
CVE-2024-22817 1Flycms Project 1Flycms Jun 5, 2025 Jan 18, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_conf_updagte
CVE-2024-22603 1Flycms Project 1Flycms Nov 21, 2024 Jan 18, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/links/add_link
CVE-2024-22601 1Flycms Project 1Flycms Jun 20, 2025 Jan 18, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/scorerule_save
CVE-2024-22699 1Flycms Project 1Flycms Jun 5, 2025 Jan 18, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/update_group_save.
CVE-2024-22593 1Flycms Project 1Flycms Nov 21, 2024 Jan 18, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/add_group_save
CVE-2024-22592 1Flycms Project 1Flycms Jun 2, 2025 Jan 18, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_update
CVE-2024-22591 1Flycms Project 1Flycms Jun 20, 2025 Jan 18, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_save.
CVE-2024-22568 1Flycms Project 1Flycms Jun 20, 2025 Jan 18, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/del.
CVE-2024-22549 1Flycms Project 1Flycms Jun 20, 2025 Jan 18, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the email settings of the website settings section.
CVE-2024-22548 1Flycms Project 1Flycms Jun 5, 2025 Jan 18, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the system website settings website name section.
CVE-2023-52074 1Flycms Project 1Flycms Jun 13, 2025 Jan 8, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component system/site/webconfig_updagte.
CVE-2023-52073 1Flycms Project 1Flycms Jun 3, 2025 Jan 8, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/config_footer_updagte.
CVE-2023-52072 1Flycms Project 1Flycms Apr 17, 2025 Jan 8, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/userconfig_updagte.
CVE-2024-21732 1Flycms Project 1Flycms Jun 3, 2025 Jan 1, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 FlyCms through abbaa5a allows XSS via the permission management feature.
CVE-2020-36065 1Flycms Project 1Flycms Jan 29, 2025 May 8, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/admin_save.
CVE-2020-19613 1Flycms Project 1Flycms Nov 21, 2024 Apr 1, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503.