Flatpress: >> Flatpress >> 1.2 Security Vulnerabilities
A stored Cross-Site Scripting (XSS) vulnerability exists in the administration panel of Flatpress CMS before 1.4 via the gallery captions component. An attacker with admin privileges can inject a malicious JavaScript payload into the system, which is then stored persistently.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-05-19
Cross Site Scripting vulnerability in flatpress CMS Flatpress v1.3 allows a remote attacker to execute arbitrary code via a crafted payload to the file name parameter.
CVSS Score
4.8
EPSS Score
0.096
Published
2024-10-01
A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email field.
CVSS Score
6.1
EPSS Score
0.06
Published
2024-09-27
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-03-02
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-03-02
Cross-site Scripting (XSS) - Generic in GitHub repository flatpressblog/flatpress prior to 1.3.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-03-02
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-03-02
Cross-site Scripting (XSS) - Reflected in GitHub repository flatpressblog/flatpress prior to 1.3.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-03-02
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
CVSS Score
8.1
EPSS Score
0.001
Published
2023-03-01
External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3.
CVSS Score
7.5
EPSS Score
0.0
Published
2023-03-01
Page 1