Flatpress: >> Flatpress >> 1.0.1 Security Vulnerabilities
A stored Cross-Site Scripting (XSS) vulnerability exists in the administration panel of Flatpress CMS before 1.4 via the gallery captions component. An attacker with admin privileges can inject a malicious JavaScript payload into the system, which is then stored persistently.
CVSS Score
4.8
EPSS Score
0.001
Published
2025-05-19
flatpress 1.3.1 is vulnerable to Cross Site Scripting (XSS) in Administration area via Manage categories.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-05-07
FlatPress CMS version latest is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow an attacker to enable or disable plugins on behalf of a victim user. The attacker can craft a malicious link or script that, when clicked by an authenticated user, will send a request to the FlatPress CMS server to perform the desired action on behalf of the victim user. Since the request is authenticated, the server will process it as if it were initiated by the legitimate user, effectively allowing the attacker to perform unauthorized actions. This vulnerability is fixed in version 1.4.dev.
CVSS Score
8.0
EPSS Score
0.0
Published
2025-03-20
A vulnerability in the file upload functionality of the FlatPress CMS admin panel (version latest) allows an attacker to upload a file with a JavaScript payload disguised as a filename. This can lead to a Cross-Site Scripting (XSS) attack if the uploaded file is accessed by other users. The issue is fixed in version 1.4.dev.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-03-20
Cross Site Scripting vulnerability in flatpress CMS Flatpress v1.3 allows a remote attacker to execute arbitrary code via a crafted payload to the file name parameter.
CVSS Score
4.8
EPSS Score
0.109
Published
2024-10-01
A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter in setup.php.
CVSS Score
6.1
EPSS Score
0.147
Published
2024-09-27
A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email field.
CVSS Score
6.1
EPSS Score
0.069
Published
2024-09-27
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-03-02
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-03-02
Cross-site Scripting (XSS) - Generic in GitHub repository flatpressblog/flatpress prior to 1.3.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-03-02
Page 1