CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1148 – Cross-site Scripting (XSS) - Stored in flatpressblog/flatpress
https://notcve.org/view.php?id=CVE-2023-1148
02 Mar 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. • https://github.com/flatpressblog/flatpress/commit/3a32aad0dec5df24c6576d7567d4f2eadbfc75de • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1104 – Cross-site Scripting (XSS) - Stored in flatpressblog/flatpress
https://notcve.org/view.php?id=CVE-2023-1104
01 Mar 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. • https://github.com/flatpressblog/flatpress/commit/f6394eac7a0e001d2b1ac638d3313e531d19ea93 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1105 – External Control of File Name or Path in flatpressblog/flatpress
https://notcve.org/view.php?id=CVE-2023-1105
01 Mar 2023 — External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3. • https://github.com/flatpressblog/flatpress/commit/5d5c7f6d8f072d14926fc2c3a97cdd763802f170 • CWE-73: External Control of File Name or Path •
CVSS: 10.0EPSS: 75%CPEs: 1EXPL: 1CVE-2023-0947 – Path Traversal in flatpressblog/flatpress
https://notcve.org/view.php?id=CVE-2023-0947
22 Feb 2023 — Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3. Salto de ruta en el repositorio de GitHub de flatpressblog/flatpress anterior a 1.3 • https://github.com/flatpressblog/flatpress/commit/9c4e5d6567e446c472f3adae3b2fe612f66871c7 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4822 – FlatPress Setup main.lib.php cross site scripting
https://notcve.org/view.php?id=CVE-2022-4822
28 Dec 2022 — A vulnerability, which was classified as problematic, has been found in FlatPress. This issue affects some unknown processing of the file setup/lib/main.lib.php of the component Setup. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 5f23b4c2eac294cc0ba5e541f83a6f8a26f9fed1. • https://github.com/flatpressblog/flatpress/commit/5f23b4c2eac294cc0ba5e541f83a6f8a26f9fed1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4821 – FlatPress XML File Handler/MD File admin.uploader.php onupload cross site scripting
https://notcve.org/view.php?id=CVE-2022-4821
28 Dec 2022 — A vulnerability classified as problematic was found in FlatPress. This vulnerability affects the function onupload of the file admin/panels/uploader/admin.uploader.php of the component XML File Handler/MD File Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 3cc223dec5260e533a84b5cf5780d3a4fbf21241. • https://github.com/flatpressblog/flatpress/commit/3cc223dec5260e533a84b5cf5780d3a4fbf21241 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4820 – FlatPress Admin Area admin.entry.list.php cross site scripting
https://notcve.org/view.php?id=CVE-2022-4820
28 Dec 2022 — A vulnerability classified as problematic has been found in FlatPress. This affects an unknown part of the file admin/panels/entry/admin.entry.list.php of the component Admin Area. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is 229752b51025e678370298284d42f8ebb231f67f. • https://github.com/flatpressblog/flatpress/commit/229752b51025e678370298284d42f8ebb231f67f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4755 – FlatPress Media Manager Plugin panel.mediamanager.file.php main cross site scripting
https://notcve.org/view.php?id=CVE-2022-4755
27 Dec 2022 — A vulnerability was found in FlatPress and classified as problematic. This issue affects the function main of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component Media Manager Plugin. The manipulation of the argument mm-newgallery-name leads to cross site scripting. The attack may be initiated remotely. The name of the patch is d3f329496536dc99f9707f2f295d571d65a496f5. • https://github.com/flatpressblog/flatpress/commit/d3f329496536dc99f9707f2f295d571d65a496f5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4748 – FlatPress File Delete panel.mediamanager.file.php doItemActions path traversal
https://notcve.org/view.php?id=CVE-2022-4748
27 Dec 2022 — A vulnerability was found in FlatPress. It has been classified as critical. This affects the function doItemActions of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component File Delete Handler. The manipulation of the argument deletefile leads to path traversal. The name of the patch is 5d5c7f6d8f072d14926fc2c3a97cdd763802f170. • https://github.com/flatpressblog/flatpress/commit/5d5c7f6d8f072d14926fc2c3a97cdd763802f170 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4605 – Cross-site Scripting (XSS) - Stored in flatpressblog/flatpress
https://notcve.org/view.php?id=CVE-2022-4605
18 Dec 2022 — Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. Cross-Site Scripting (XSS): almacenado en el repositorio de GitHub flatpressblog/flatpress anterior a 1.3. • https://github.com/flatpressblog/flatpress/commit/742f8b04f233e3cc52bed11f79fcc9911faee776 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •