Flatpress: >> Flatpress >> 1.3 Security Vulnerabilities
A stored Cross-Site Scripting (XSS) vulnerability exists in the administration panel of Flatpress CMS before 1.4 via the gallery captions component. An attacker with admin privileges can inject a malicious JavaScript payload into the system, which is then stored persistently.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-05-19
FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into the "Add New Entry" section, which allows them to execute arbitrary code in the context of a victim's web browser.
CVSS Score
5.4
EPSS Score
0.004
Published
2024-10-02
External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3.
CVSS Score
7.5
EPSS Score
0.0
Published
2023-03-01