Flatpress: >> Flatpress >> 1.0.3 Security Vulnerabilities
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-03-02
Cross-site Scripting (XSS) - Reflected in GitHub repository flatpressblog/flatpress prior to 1.3.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-03-02
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
CVSS Score
8.1
EPSS Score
0.001
Published
2023-03-01
External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3.
CVSS Score
7.5
EPSS Score
0.0
Published
2023-03-01
Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3.
CVSS Score
8.1
EPSS Score
0.759
Published
2023-02-22
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
CVSS Score
6.0
EPSS Score
0.001
Published
2022-12-18
PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3.
CVSS Score
8.8
EPSS Score
0.188
Published
2022-12-18
FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in Blog content via the admin panel. Each time any user will go to that blog page, the XSS triggers and the attacker can steal the cookie according to the crafted payload.
CVSS Score
4.8
EPSS Score
0.002
Published
2020-12-30
Page 2