fluxbb CVE Vulnerabilities & Metrics

Focus on fluxbb vulnerabilities and metrics.

Last updated: 29 Jun 2025, 22:25 UTC

About fluxbb Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with fluxbb. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total fluxbb CVEs: 8
Earliest CVE date: 13 Jan 2015, 11:59 UTC
Latest CVE date: 15 May 2025, 18:15 UTC

Latest CVE reference: CVE-2025-44110

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): -100.0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): -100.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical fluxbb CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 5.71

Max CVSS: 9.3

Critical CVEs (≥9): 1

CVSS Range vs. Count

Range	Count
0.0-3.9	2
4.0-6.9	2
7.0-8.9	3
9.0-10.0	1

CVSS Distribution Chart

Top 5 Highest CVSS fluxbb CVEs

These are the five CVEs with the highest CVSS scores for fluxbb, sorted by severity first and recency.

CVE-2014-9574 fluxbb Published on 03 Feb 2015, 16:59 UTC (CVSS: 9.3)
Directory traversal vulnerability in install.php in FluxBB before 1.5.8 allows remote attackers to include and execute arbitrary local install.php files via a .. (dot dot) in the install_lang parameter.
CVE-2020-28873 fluxbb Published on 17 Mar 2021, 13:15 UTC (CVSS: 7.8)
Fluxbb 1.5.11 is affected by a denial of service (DoS) vulnerability by sending an extremely long password via the user login form. When a long password is sent, the password hashing process will result in CPU and memory exhaustion on the server.
CVE-2011-3621 fluxbb Published on 22 Jan 2020, 18:15 UTC (CVSS: 7.5)
A reverse proxy issue exists in FluxBB before 1.4.7 when FORUM_BEHIND_REVERSE_PROXY is enabled.
CVE-2014-10029 fluxbb Published on 13 Jan 2015, 11:59 UTC (CVSS: 7.5)
SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to execute arbitrary SQL commands via the req_new_email parameter.
CVE-2014-10030 fluxbb Published on 13 Jan 2015, 11:59 UTC (CVSS: 5.8)
Open redirect vulnerability in forums/login.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter.

All CVEs for fluxbb

CVE-2025-44110 fluxbb vulnerability CVSS: 0 15 May 2025, 18:15 UTC

FluxBB 1.5.11 is vulnerable to Cross Site Scripting (XSS) in via the Forum Description Field in admin_forums.php.

CVE-2021-43677 fluxbb vulnerability CVSS: 4.3 04 Jan 2022, 20:15 UTC

Fluxbb v1.4.12 is affected by a Cross Site Scripting (XSS) vulnerability.

CVE-2020-28873 fluxbb vulnerability CVSS: 7.8 17 Mar 2021, 13:15 UTC

Fluxbb 1.5.11 is affected by a denial of service (DoS) vulnerability by sending an extremely long password via the user login form. When a long password is sent, the password hashing process will result in CPU and memory exhaustion on the server.

CVE-2020-35240 fluxbb vulnerability CVSS: 3.5 30 Dec 2020, 15:15 UTC

FluxBB 1.5.11 is affected by cross-site scripting (XSS in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in "Blog Content" and each time any user will visit the blog, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.

CVE-2011-3621 fluxbb vulnerability CVSS: 7.5 22 Jan 2020, 18:15 UTC

A reverse proxy issue exists in FluxBB before 1.4.7 when FORUM_BEHIND_REVERSE_PROXY is enabled.

CVE-2014-9574 fluxbb vulnerability CVSS: 9.3 03 Feb 2015, 16:59 UTC

Directory traversal vulnerability in install.php in FluxBB before 1.5.8 allows remote attackers to include and execute arbitrary local install.php files via a .. (dot dot) in the install_lang parameter.

CVE-2014-10030 fluxbb vulnerability CVSS: 5.8 13 Jan 2015, 11:59 UTC

Open redirect vulnerability in forums/login.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter.

CVE-2014-10029 fluxbb vulnerability CVSS: 7.5 13 Jan 2015, 11:59 UTC

SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to execute arbitrary SQL commands via the req_new_email parameter.