Lucene search
K

377 matches found

CVE
CVE
added 2025/03/20 10:9 a.m.50 views

CVE-2024-9847

CVE-2024-9847 affects FlatPress CMS (FlatPress) where authenticated users can be targeted by a Cross-Site Request Forgery (CSRF) flaw to enable or disable plugins on behalf of a victim user. The vulnerability arises from attackers using crafted requests that are processed as if initiated by the l...

8CVSS6.8AI score0.00316EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.5 views

FlatPress 跨站请求伪造漏洞

FlatPress is a lightweight, easy to set up flat file blogging engine from the FlatPress open source. A cross-site request forgery vulnerability exists in FlatPress. An attacker exploiting this vulnerability can enable or disable plugins...

8CVSS7.8AI score0.00316EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.6 views

FlatPress 跨站脚本漏洞

FlatPress is a lightweight, easy to set up flat file blogging engine from FlatPress open source. A cross-site scripting vulnerability exists in FlatPress version 1.3. An attacker can exploit this vulnerability to upload malicious files and execute arbitrary JavaScript code...

8.1CVSS7.8AI score0.00746EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.6 views

FlatPress 跨站脚本漏洞

FlatPress is a lightweight, easy-to-setup flat file blogging engine from the FlatPress open source. A cross-site scripting vulnerability exists in FlatPress, which stems from a JavaScript payload masquerading as a filename in the file upload function, which could lead to a cross-site scripting...

7.5CVSS7.2AI score0.00323EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.6 views

PT-2025-12160 · Flatpress · Flatpress

Name of the Vulnerable Software and Affected Versions: flatpressblog/flatpress version 1.3 Description: A stored cross-site scripting XSS issue exists. When a user uploads a file with a .xsig extension and directly accesses this file, the server responds with a Content-type of...

8.1CVSS7.4AI score0.00746EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/02/26 12:28 a.m.9 views

CVE-2025-25460

A stored Cross-Site Scripting XSS vulnerability was identified in FlatPress 1.3.1 within the "Add Entry" feature. This vulnerability allows authenticated attackers to inject malicious JavaScript payloads into blog posts, which are executed when other users view the posts. The issue arises due to...

4.8CVSS5.3AI score0.00504EPSS
Exploits1References1
NVD
NVD
added 2025/02/24 4:15 p.m.18 views

CVE-2025-25460

A stored Cross-Site Scripting XSS vulnerability was identified in FlatPress 1.3.1 within the "Add Entry" feature. This vulnerability allows authenticated attackers to inject malicious JavaScript payloads into blog posts, which are executed when other users view the posts. The issue arises due to...

4.8CVSS0.00504EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/02/24 12:0 a.m.7 views

CVE-2025-25460

A stored Cross-Site Scripting XSS vulnerability was identified in FlatPress 1.3.1 within the "Add Entry" feature. This vulnerability allows authenticated attackers to inject malicious JavaScript payloads into blog posts, which are executed when other users view the posts. The issue arises due to...

4.7AI score0.00504EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/02/24 12:0 a.m.12 views

PT-2025-7772 · Flatpress · Flatpress

Name of the Vulnerable Software and Affected Versions: FlatPress version 1.3.1 Description: A stored Cross-Site Scripting issue was identified within the "Add Entry" feature, allowing authenticated attackers to inject malicious JavaScript payloads into blog posts. This is executed when other user...

4.8CVSS6.2AI score0.00504EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/02/24 12:0 a.m.5 views

FlatPress 安全漏洞

FlatPress is a Php-based blog builder without database support from the FlatPress community. A security vulnerability exists in FlatPress version 1.3.1, which stems from an improperly cleaned and escaped TextArea field input in the Add Entry feature. An authenticated attacker can inject malicious...

4.8CVSS6.5AI score0.00504EPSS
Exploits1References3
CVE
CVE
added 2025/02/24 12:0 a.m.82 views

CVE-2025-25460

The CVE-2025-25460 vulnerability affects FlatPress 1.3.1, specifically the Add Entry (TextArea) input. Root cause: improper input sanitization allows an authenticated user to insert malicious JavaScript payloads into blog posts, leading to stored XSS when other users view the posts. Available det...

4.8CVSS5.3AI score0.00504EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/02/24 12:0 a.m.15 views

CVE-2025-25460

A stored Cross-Site Scripting XSS vulnerability was identified in FlatPress 1.3.1 within the "Add Entry" feature. This vulnerability allows authenticated attackers to inject malicious JavaScript payloads into blog posts, which are executed when other users view the posts. The issue arises due to...

0.00504EPSS
Exploits1References2
OSV
OSV
added 2025/02/24 12:0 a.m.5 views

CVE-2025-25460

A stored Cross-Site Scripting XSS vulnerability was identified in FlatPress 1.3.1 within the "Add Entry" feature. This vulnerability allows authenticated attackers to inject malicious JavaScript payloads into blog posts, which are executed when other users view the posts. The issue arises due to...

4.8CVSS5.4AI score0.00504EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/02/05 8:18 p.m.10 views

CVE-2022-4606

PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3...

9.8CVSS6.8AI score0.35435EPSS
Exploits1References1
NVD
NVD
added 2024/10/02 5:15 p.m.14 views

CVE-2024-41290

FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component...

8.1CVSS0.00424EPSS
Exploits0References1
NVD
NVD
added 2024/10/02 4:15 p.m.28 views

CVE-2024-33209

FlatPress v1.3 is vulnerable to Cross Site Scripting XSS. An attacker can inject malicious JavaScript code into the "Add New Entry" section, which allows them to execute arbitrary code in the context of a victim's web browser...

5.4CVSS0.00773EPSS
Exploits2References1
NVD
NVD
added 2024/10/02 4:15 p.m.16 views

CVE-2024-33210

A cross-site scripting XSS vulnerability has been identified in Flatpress 1.3. This vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users...

5.4CVSS0.00605EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/10/02 12:0 a.m.21 views

CVE-2024-33210

A cross-site scripting XSS vulnerability has been identified in Flatpress 1.3. This vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users...

0.00605EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/10/02 12:0 a.m.17 views

CVE-2024-41290

FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component...

0.00424EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/02 12:0 a.m.28 views

CVE-2024-33209

FlatPress v1.3 is vulnerable to Cross Site Scripting XSS. An attacker can inject malicious JavaScript code into the "Add New Entry" section, which allows them to execute arbitrary code in the context of a victim's web browser...

0.00773EPSS
Exploits2References1
Rows per page
Query Builder