CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cross Site Scripting vulnerability in flatpress CMS Flatpress v1.3 allows a remote attacker to execute arbitrary code via a crafted payload to the file name parameter...

4.8CVSS7.3AI score0.23148EPSS

Exploits1References1

RedhatCVE•added 2025/05/21 12:20 a.m.•14 views

CVE-2025-44108

A stored Cross-Site Scripting XSS vulnerability exists in the administration panel of Flatpress CMS before 1.4 via the gallery captions component. An attacker with admin privileges can inject a malicious JavaScript payload into the system, which is then stored persistently...

4.8CVSS5.6AI score0.00313EPSS

Exploits1References1

OSV•added 2025/05/19 2:15 p.m.•5 views

CVE-2025-44108

4.8CVSS5.5AI score0.00313EPSS

Exploits1References4

NVD•added 2025/05/19 2:15 p.m.•14 views

CVE-2025-44108

4.8CVSS0.00313EPSS

Exploits1References4

Positive Technologies•added 2025/05/19 12:0 a.m.•2 views

PT-2025-21942 · Unknown · Flatpress Cms

Name of the Vulnerable Software and Affected Versions: Flatpress CMS versions prior to 1.4 Description: A stored Cross-Site Scripting XSS issue exists in the administration panel of Flatpress CMS via the gallery captions component. An attacker with admin privileges can inject a malicious JavaScri...

4.8CVSS5.3AI score0.00313EPSS

Exploits1References8

CVE•added 2025/05/19 12:0 a.m.•30 views

CVE-2025-44108

FlatPress CMS ≤ 1.3.1/1.4-rc1 shows a stored XSS through the gallery captions component. The vulnerability (CVE-2025-44108) allows an admin-privilged user to inject JavaScript that is then stored persistently, with impacts limited to confidentiality and integrity per sources, and no explicit expl...

4.8CVSS5.7AI score0.00313EPSS

Exploits1References4Affected Software1

Vulnrichment•added 2025/05/19 12:0 a.m.•7 views

CVE-2025-44108

4.9AI score0.00313EPSS

Exploits1References4

Cvelist•added 2025/05/19 12:0 a.m.•9 views

CVE-2025-44108

0.00313EPSS

Exploits1References4

GithubExploit•added 2025/04/01 1:1 p.m.•80 views

Exploit for Cross-site Scripting in Flatpress

CVE-2025-29602 - Stored cross site scriptingXSS vulnerabilit...

6.1CVSS6.3AI score0.00181EPSS

Exploits2

RedhatCVE•added 2025/03/22 11:54 a.m.•3 views

CVE-2024-9699

A vulnerability in the file upload functionality of the FlatPress CMS admin panel version latest allows an attacker to upload a file with a JavaScript payload disguised as a filename. This can lead to a Cross-Site Scripting XSS attack if the uploaded file is accessed by other users. The issue is...

7.5CVSS5.8AI score0.00189EPSS

Exploits0References1

RedhatCVE•added 2025/03/22 11:48 a.m.•4 views

CVE-2024-9847

FlatPress CMS version latest is vulnerable to Cross-Site Request Forgery CSRF attacks that allow an attacker to enable or disable plugins on behalf of a victim user. The attacker can craft a malicious link or script that, when clicked by an authenticated user, will send a request to the FlatPress...

8CVSS6.8AI score0.00173EPSS

Exploits1References1

NVD•added 2025/03/20 10:15 a.m.•7 views

CVE-2024-9847

8CVSS0.00173EPSS

Exploits1References2

OSV•added 2025/03/20 10:15 a.m.•1 views

CVE-2024-9847

8CVSS7AI score

Exploits0References2

NVD•added 2025/03/20 10:15 a.m.•13 views

CVE-2024-9699

7.5CVSS0.00189EPSS

Exploits0References2

OSV•added 2025/03/20 10:15 a.m.•4 views

CVE-2024-9699

5.4CVSS5.9AI score

Exploits0References2

CVE•added 2025/03/20 10:9 a.m.•42 views

CVE-2024-9699

CVE-2024-9699 affects FlatPress CMS: the file-upload feature in the admin panel allows a JavaScript payload masquerading as a filename, enabling Cross-Site Scripting when the uploaded file is accessed. The issue is described for the default/“latest” release and is stated to be fixed in version 1....

7.5CVSS6.7AI score0.00189EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by