13 matches found
CVE-2023-1148
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
CVE-2024-25411
A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter in setup.php.
CVE-2023-1107
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
CVE-2023-1104
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
CVE-2024-25412
A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email field.
CVE-2024-31835
Cross-site scripting vulnerability in FlatPress CMS v1.3 allows a remote attacker to execute arbitrary code via a crafted payload to the file name parameter.
CVE-2023-1147
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
CVE-2024-9699
A vulnerability in the file upload functionality of the FlatPress CMS admin panel (version latest) allows an attacker to upload a file with a JavaScript payload disguised as a filename. This can lead to a Cross-Site Scripting (XSS) attack if the uploaded file is accessed by other users. The issue i...
CVE-2024-9847
FlatPress CMS version latest is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow an attacker to enable or disable plugins on behalf of a victim user. The attacker can craft a malicious link or script that, when clicked by an authenticated user, will send a request to the FlatPress...
CVE-2023-1105
External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3.
CVE-2023-1106
Cross-site Scripting (XSS) - Reflected in GitHub repository flatpressblog/flatpress prior to 1.3.
CVE-2023-1146
Cross-site Scripting (XSS) - Generic in GitHub repository flatpressblog/flatpress prior to 1.3.
CVE-2025-44108
A stored Cross-Site Scripting (XSS) vulnerability exists in the administration panel of Flatpress CMS before 1.4 via the gallery captions component. An attacker with admin privileges can inject a malicious JavaScript payload into the system, which is then stored persistently.