CVE-2026-56785

FlatPress is affected by a stored cross-site scripting (XSS) vulnerability in comment and contact forms. Versions prior to commit 10be83c (FlatPress) render the name, URL, and email fields without proper output encoding in Smarty templates, allowing an attacker to inject arbitrary HTML/JavaScript...