Shodan
Vulnerabilities
Vulnerable Software
Flatpress:  >> Flatpress  Security Vulnerabilities
CVE-2025-44108
A stored Cross-Site Scripting (XSS) vulnerability exists in the administration panel of Flatpress CMS before 1.4 via the gallery captions component. An attacker with admin privileges can inject a malicious JavaScript payload into the system, which is then stored persistently.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-05-19
CVE-2025-29602
flatpress 1.3.1 is vulnerable to Cross Site Scripting (XSS) in Administration area via Manage categories.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-05-07
CVE-2025-25460
A stored Cross-Site Scripting (XSS) vulnerability was identified in FlatPress 1.3.1 within the "Add Entry" feature. This vulnerability allows authenticated attackers to inject malicious JavaScript payloads into blog posts, which are executed when other users view the posts. The issue arises due to improper input sanitization of the "TextArea" field in the blog entry submission form.
CVSS Score
4.8
EPSS Score
0.009
Published
2025-02-24
CVE-2024-41290
FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component.
CVSS Score
8.1
EPSS Score
0.009
Published
2024-10-02
CVE-2024-33209
FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into the "Add New Entry" section, which allows them to execute arbitrary code in the context of a victim's web browser.
CVSS Score
5.4
EPSS Score
0.004
Published
2024-10-02
CVE-2024-31835
Cross Site Scripting vulnerability in flatpress CMS Flatpress v1.3 allows a remote attacker to execute arbitrary code via a crafted payload to the file name parameter.
CVSS Score
4.8
EPSS Score
0.096
Published
2024-10-01
CVE-2024-25412
A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email field.
CVSS Score
6.1
EPSS Score
0.06
Published
2024-09-27
CVE-2023-1147
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-03-02
CVE-2023-1148
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-03-02
CVE-2023-1146
Cross-site Scripting (XSS) - Generic in GitHub repository flatpressblog/flatpress prior to 1.3.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-03-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved