2 matches found
PT-2025-7772 · Flatpress · Flatpress
Name of the Vulnerable Software and Affected Versions: FlatPress version 1.3.1 Description: A stored Cross-Site Scripting issue was identified within the "Add Entry" feature, allowing authenticated attackers to inject malicious JavaScript payloads into blog posts. This is executed when other user...
FlatPress Security Vulnerability
FlatPress is a PHP-based blog builder without database support from the FlatPress community. A security vulnerability exists in FlatPress version 1.3.1, which stems from improperly sanitized and escaped TextArea field input in the Add Entry feature. An authenticated attacker can inject malicious...