Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503.
CVSS: 7.5; AI Score: 7.5; EPSS: 0.003
Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/admin_save.
CVSS: 8.8; AI Score: 8.7; EPSS: 0.001
FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/userconfig_updagte.
CVSS: 8.8; AI Score: 8.8; EPSS: 0.001
FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/config_footer_updagte.
CVSS: 8.8; AI Score: 8.8; EPSS: 0.001
FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component system/site/webconfig_updagte.
CVSS: 8.8; AI Score: 8.8; EPSS: 0.001
CVSS: 6.1; AI Score: 5.9; EPSS: 0.0005
FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the system website settings website name section.
CVSS: 5.4; AI Score: 5.2; EPSS: 0.0004
FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the email settings of the website settings section.
CVSS: 5.4; AI Score: 5.3; EPSS: 0.0004
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/del.
CVSS: 8.8; AI Score: 8.7; EPSS: 0.001
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_save.
CVSS: 8.8; AI Score: 8.7; EPSS: 0.001
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_update
CVSS: 8.8; AI Score: 8.7; EPSS: 0.001
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/add_group_save
CVSS: 8.8; AI Score: 8.8; EPSS: 0.001
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/scorerule_save
CVSS: 8.8; AI Score: 8.7; EPSS: 0.001
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/links/add_link
CVSS: 8.8; AI Score: 8.7; EPSS: 0.001
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/update_group_save.
CVSS: 8.8; AI Score: 8.7; EPSS: 0.001
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_conf_updagte
CVSS: 8.8; AI Score: 8.7; EPSS: 0.001
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/site/filterKeyword_save
CVSS: 8.8; AI Score: 8.7; EPSS: 0.001
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_templets_update.
CVSS: 8.8; AI Score: 8.7; EPSS: 0.001