Flycms
Reflected cross-site scripting (XSS) in the userLogin function of sunkaifei FlyCMS allows unauthenticated remote attackers to inject script via the redirectUrl parameter; a victim must open a crafted link for it to trigger. Public proof-of-concept code exists, the CVSS score is a low 2.1 (limited integrity impact), and the project has not responded to the disclosure.
Cross-site scripting (XSS) in the Admin Login component of sunkaifei FlyCMS (IndexAdminController.java) allows remote attackers to inject script via the redirectUrl parameter. It requires user interaction (UI:P) and has limited integrity impact (VI:L), giving a very low CVSS score of 2.1 despite a public exploit. Exploitation risk is minimal given the low EPSS score (0.02%, 6th percentile) and the need to social-engineer an admin user into opening the crafted link.
FlyCms through commit abbaa5a allows XSS via the permission management feature. Rated medium severity (CVSS 6.1): remotely exploitable, no authentication required, low attack complexity. Public exploit code is available and no vendor patch exists.
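Both redirectUrl entries above describe the same bug class: a login handler reflects a request parameter into the response without escaping. The Java below is an added example, not FlyCMS code, and it assumes the typical sink (the parameter written back into a hidden form field); the page does not confirm where FlyCMS actually reflects it. It contrasts the unsafe reflection with a hardened version that both HTML-escapes the value and restricts it to a same-site path, which also closes the open-redirect abuse that usually accompanies a redirectUrl parameter.

```java
import java.net.URI;
import java.net.URISyntaxException;

/** Added example (not FlyCMS code): unsafe vs hardened handling of a reflected redirectUrl. */
public class RedirectUrlDemo {

    // Unsafe pattern: the raw parameter is concatenated into HTML. A value such as
    // "><script>alert(1)</script> closes the attribute and injects markup (reflected XSS).
    static String renderUnsafe(String redirectUrl) {
        return "<input type=\"hidden\" name=\"redirectUrl\" value=\"" + redirectUrl + "\">";
    }

    // Minimal HTML escaping of the characters that break out of text and attribute contexts.
    static String htmlEscape(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#x27;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Allow-list for the redirect target: a single leading "/", no scheme, no authority,
    // no "//" or "/\" host-style prefix, no control characters or whitespace.
    // Anything else collapses to the fallback page instead of being reflected.
    static String safeRedirect(String redirectUrl, String fallback) {
        if (redirectUrl == null || redirectUrl.isEmpty()) return fallback;
        for (char c : redirectUrl.toCharArray()) {
            if (c <= 0x20 || c == 0x7f) return fallback;   // CR/LF/tab/space, header-injection and parser tricks
        }
        if (!redirectUrl.startsWith("/") || redirectUrl.startsWith("//") || redirectUrl.startsWith("/\\")) {
            return fallback;
        }
        try {
            URI u = new URI(redirectUrl);                 // rejects characters illegal in a URI, e.g. '<' or '"'
            if (u.getScheme() != null || u.getAuthority() != null) return fallback;
        } catch (URISyntaxException e) {
            return fallback;
        }
        return redirectUrl;
    }

    // Hardened pattern: validate first, then escape for the HTML attribute context.
    static String renderSafe(String redirectUrl) {
        return "<input type=\"hidden\" name=\"redirectUrl\" value=\""
                + htmlEscape(safeRedirect(redirectUrl, "/")) + "\">";
    }

    public static void main(String[] args) {
        String payload = "\"><script>alert(1)</script>";   // constructed XSS probe
        System.out.println(renderUnsafe(payload));          // script tag lands in the page
        System.out.println(renderSafe(payload));            // collapses to value="/"
        System.out.println(renderSafe("/admin/index"));     // legitimate same-site path survives
        System.out.println(renderSafe("//evil.example/"));  // scheme-relative host rejected
        System.out.println(renderSafe("/x?next=1&a=<b>"));  // '<' is illegal in a URI, rejected
    }
}
```

In a Spring-based application the hand-written escaper would be replaced by the framework's own, for example Spring's HtmlUtils.htmlEscape, and the path check kept as-is; escaping alone stops the script injection, but without the allow-list the same parameter still serves as an open redirect after login.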