lin-cms@0.4.10 vulnerabilities

A simple and practical CMS implememted by flask

Direct Vulnerabilities

Known vulnerabilities in the lin-cms package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Access Restriction Bypass

Lin-CMS is a Lin-CMS-Flask-Core.

Affected versions of this package are vulnerable to Access Restriction Bypass. It allows attackers to escalate privileges to Super Administrator.

How to fix Access Restriction Bypass?

There is no fixed version for Lin-CMS.

[0,)
  • M
Cross-site Scripting (XSS)

Lin-CMS is a Lin-CMS-Flask-Core.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Username parameter of the component app/api/cms/user.py.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for Lin-CMS.

[0,)
  • M
Improper Authentication

Lin-CMS is a Lin-CMS-Flask-Core.

Affected versions of this package are vulnerable to Improper Authentication. Remote attackers can obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets.

How to fix Improper Authentication?

There is no fixed version for Lin-CMS.

[0,)
  • M
Insufficient Rate Limiting

Lin-CMS is a Lin-CMS-Flask-Core.

Affected versions of this package are vulnerable to Insufficient Rate Limiting. Improper Authentication allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component app/api/cms/user.py.

How to fix Insufficient Rate Limiting?

There is no fixed version for Lin-CMS.

[0,)