Flusity

flusity

28 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Flusity

flusity

28 CVEs

CVEs (28)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-33442 1Flusity 1Flusity Mar 25, 2025 May 1, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_post.php component.
CVE-2024-31666 1Flusity 1Flusity Mar 28, 2025 Apr 22, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via a crafted script to the edit_addon_post.php component.
CVE-2024-32418 1Flusity 1Flusity Apr 30, 2025 Apr 22, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in flusity CMS v2.33 allows a remote attacker to execute arbitrary code via the add_addon.php component.
CVE-2024-27757 1Flusity 1Flusity May 5, 2025 Mar 18, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 flusity CMS through 2.45 allows tools/addons_model.php Gallery Name XSS. The reporter indicates that this product "ceased its development as of February 2024."
CVE-2024-27680 1Flusity 1Flusity Mar 26, 2025 Mar 4, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Flusity-CMS v2.33 is vulnerable to Cross Site Scripting (XSS) in the "Contact form."
CVE-2024-27668 1Flusity 1Flusity Mar 28, 2025 Mar 4, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Flusity-CMS v2.33 is affected by: Cross Site Scripting (XSS) in 'Custom Blocks.'
CVE-2024-25410 1Flusity 1Flusity Mar 25, 2025 Feb 26, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File with Dangerous Type in update_setting.php.
CVE-2024-26445 1Flusity 1Flusity Mar 25, 2025 Feb 22, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_place.php
CVE-2024-26352 1Flusity 1Flusity Mar 25, 2025 Feb 22, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_places.php
CVE-2024-26351 1Flusity 1Flusity Mar 25, 2025 Feb 22, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_place.php
CVE-2024-26350 1Flusity 1Flusity Mar 28, 2025 Feb 22, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_contact_form_settings.php
CVE-2024-26349 1Flusity 1Flusity Mar 25, 2025 Feb 22, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_translation.php
CVE-2024-23094 1Flusity 1Flusity Mar 25, 2025 Feb 22, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /cover/addons/info_media_gallery/action/edit_addon_post.php
CVE-2024-26491 1Flusity 1Flusity Mar 25, 2025 Feb 22, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected int...Show more A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text field.Show less
CVE-2024-26490 1Flusity 1Flusity Mar 25, 2025 Feb 22, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A cross-site scripting (XSS) vulnerability in the Addon JD Simple module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field.
CVE-2024-26489 1Flusity 1Flusity Mar 13, 2025 Feb 22, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Social block links' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Profil...Show more A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Social block links' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Profile Name text field.Show less
CVE-2024-25502 1Flusity 1Flusity May 23, 2025 Feb 15, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via the download_backup.php component.
CVE-2024-25419 1Flusity 1Flusity May 15, 2025 Feb 11, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_menu.php.
CVE-2024-25418 1Flusity 1Flusity May 15, 2025 Feb 11, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_menu.php.
CVE-2024-25417 1Flusity 1Flusity Jun 12, 2025 Feb 11, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_translation.php.

12 Next