377 matches found
CVE-2024-9847
CVE-2024-9847 affects FlatPress CMS (FlatPress) where authenticated users can be targeted by a Cross-Site Request Forgery (CSRF) flaw to enable or disable plugins on behalf of a victim user. The vulnerability arises from attackers using crafted requests that are processed as if initiated by the l...
FlatPress 跨站请求伪造漏洞
FlatPress is a lightweight, easy to set up flat file blogging engine from the FlatPress open source. A cross-site request forgery vulnerability exists in FlatPress. An attacker exploiting this vulnerability can enable or disable plugins...
FlatPress 跨站脚本漏洞
FlatPress is a lightweight, easy to set up flat file blogging engine from FlatPress open source. A cross-site scripting vulnerability exists in FlatPress version 1.3. An attacker can exploit this vulnerability to upload malicious files and execute arbitrary JavaScript code...
FlatPress 跨站脚本漏洞
FlatPress is a lightweight, easy-to-setup flat file blogging engine from the FlatPress open source. A cross-site scripting vulnerability exists in FlatPress, which stems from a JavaScript payload masquerading as a filename in the file upload function, which could lead to a cross-site scripting...
PT-2025-12160 · Flatpress · Flatpress
Name of the Vulnerable Software and Affected Versions: flatpressblog/flatpress version 1.3 Description: A stored cross-site scripting XSS issue exists. When a user uploads a file with a .xsig extension and directly accesses this file, the server responds with a Content-type of...
CVE-2025-25460
A stored Cross-Site Scripting XSS vulnerability was identified in FlatPress 1.3.1 within the "Add Entry" feature. This vulnerability allows authenticated attackers to inject malicious JavaScript payloads into blog posts, which are executed when other users view the posts. The issue arises due to...
CVE-2025-25460
A stored Cross-Site Scripting XSS vulnerability was identified in FlatPress 1.3.1 within the "Add Entry" feature. This vulnerability allows authenticated attackers to inject malicious JavaScript payloads into blog posts, which are executed when other users view the posts. The issue arises due to...
CVE-2025-25460
A stored Cross-Site Scripting XSS vulnerability was identified in FlatPress 1.3.1 within the "Add Entry" feature. This vulnerability allows authenticated attackers to inject malicious JavaScript payloads into blog posts, which are executed when other users view the posts. The issue arises due to...
PT-2025-7772 · Flatpress · Flatpress
Name of the Vulnerable Software and Affected Versions: FlatPress version 1.3.1 Description: A stored Cross-Site Scripting issue was identified within the "Add Entry" feature, allowing authenticated attackers to inject malicious JavaScript payloads into blog posts. This is executed when other user...
FlatPress 安全漏洞
FlatPress is a Php-based blog builder without database support from the FlatPress community. A security vulnerability exists in FlatPress version 1.3.1, which stems from an improperly cleaned and escaped TextArea field input in the Add Entry feature. An authenticated attacker can inject malicious...
CVE-2025-25460
The CVE-2025-25460 vulnerability affects FlatPress 1.3.1, specifically the Add Entry (TextArea) input. Root cause: improper input sanitization allows an authenticated user to insert malicious JavaScript payloads into blog posts, leading to stored XSS when other users view the posts. Available det...
CVE-2025-25460
A stored Cross-Site Scripting XSS vulnerability was identified in FlatPress 1.3.1 within the "Add Entry" feature. This vulnerability allows authenticated attackers to inject malicious JavaScript payloads into blog posts, which are executed when other users view the posts. The issue arises due to...
CVE-2025-25460
A stored Cross-Site Scripting XSS vulnerability was identified in FlatPress 1.3.1 within the "Add Entry" feature. This vulnerability allows authenticated attackers to inject malicious JavaScript payloads into blog posts, which are executed when other users view the posts. The issue arises due to...
CVE-2022-4606
PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3...
CVE-2024-41290
FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component...
CVE-2024-33209
FlatPress v1.3 is vulnerable to Cross Site Scripting XSS. An attacker can inject malicious JavaScript code into the "Add New Entry" section, which allows them to execute arbitrary code in the context of a victim's web browser...
CVE-2024-33210
A cross-site scripting XSS vulnerability has been identified in Flatpress 1.3. This vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users...
CVE-2024-33210
A cross-site scripting XSS vulnerability has been identified in Flatpress 1.3. This vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users...
CVE-2024-41290
FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component...
CVE-2024-33209
FlatPress v1.3 is vulnerable to Cross Site Scripting XSS. An attacker can inject malicious JavaScript code into the "Add New Entry" section, which allows them to execute arbitrary code in the context of a victim's web browser...