CVE-2024-4023
A stored cross-site scripting XSS vulnerability exists in flatpressblog/flatpress version 1.3. When a user uploads a file with a .xsig extension and directly accesses this file, the server responds with a Content-type of application/octet-stream, leading to the file being processed as an HTML fil...