Vulnerabilities
Vulnerable Software
Flatpress:  >> Flatpress  >> 1.0.3  Security Vulnerabilities
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
CVSS Score
6.5
EPSS Score
0.005
Published
2023-03-02
Cross-site Scripting (XSS) - Reflected in GitHub repository flatpressblog/flatpress prior to 1.3.
CVSS Score
5.3
EPSS Score
0.006
Published
2023-03-02
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
CVSS Score
8.1
EPSS Score
0.006
Published
2023-03-01
External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3.
CVSS Score
7.5
EPSS Score
0.007
Published
2023-03-01
Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3.
CVSS Score
8.1
EPSS Score
0.036
Published
2023-02-22
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
CVSS Score
6.0
EPSS Score
0.005
Published
2022-12-18
PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3.
CVSS Score
8.8
EPSS Score
0.354
Published
2022-12-18
FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in Blog content via the admin panel. Each time any user will go to that blog page, the XSS triggers and the attacker can steal the cookie according to the crafted payload.
CVSS Score
4.8
EPSS Score
0.021
Published
2020-12-30


Contact Us

Shodan ® - All rights reserved