
CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

02 Mar 2023 — Cross-site Scripting (XSS) - Reflected in GitHub repository flatpressblog/flatpress prior to 1.3. • https://github.com/flatpressblog/flatpress/commit/5f23b4c2eac294cc0ba5e541f83a6f8a26f9fed1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

01 Mar 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. • https://github.com/flatpressblog/flatpress/commit/f6394eac7a0e001d2b1ac638d3313e531d19ea93 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

01 Mar 2023 — External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3. • https://github.com/flatpressblog/flatpress/commit/5d5c7f6d8f072d14926fc2c3a97cdd763802f170 • CWE-73: External Control of File Name or Path •

CVSS: 10.0 • EPSS: 5% • CPEs: 1 • EXPL: 1

22 Feb 2023 — Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3. • https://github.com/flatpressblog/flatpress/commit/9c4e5d6567e446c472f3adae3b2fe612f66871c7 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Dec 2022 — A vulnerability, which was classified as problematic, has been found in FlatPress. This issue affects some unknown processing of the file setup/lib/main.lib.php of the component Setup. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 5f23b4c2eac294cc0ba5e541f83a6f8a26f9fed1. • https://github.com/flatpressblog/flatpress/commit/5f23b4c2eac294cc0ba5e541f83a6f8a26f9fed1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Dec 2022 — A vulnerability classified as problematic was found in FlatPress. This vulnerability affects the function onupload of the file admin/panels/uploader/admin.uploader.php of the component XML File Handler/MD File Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 3cc223dec5260e533a84b5cf5780d3a4fbf21241. • https://github.com/flatpressblog/flatpress/commit/3cc223dec5260e533a84b5cf5780d3a4fbf21241 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Dec 2022 — A vulnerability classified as problematic has been found in FlatPress. This affects an unknown part of the file admin/panels/entry/admin.entry.list.php of the component Admin Area. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is 229752b51025e678370298284d42f8ebb231f67f. • https://github.com/flatpressblog/flatpress/commit/229752b51025e678370298284d42f8ebb231f67f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Dec 2022 — A vulnerability was found in FlatPress and classified as problematic. This issue affects the function main of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component Media Manager Plugin. The manipulation of the argument mm-newgallery-name leads to cross site scripting. The attack may be initiated remotely. The name of the patch is d3f329496536dc99f9707f2f295d571d65a496f5. • https://github.com/flatpressblog/flatpress/commit/d3f329496536dc99f9707f2f295d571d65a496f5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Dec 2022 — A vulnerability was found in FlatPress. It has been classified as critical. This affects the function doItemActions of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component File Delete Handler. The manipulation of the argument deletefile leads to path traversal. The name of the patch is 5d5c7f6d8f072d14926fc2c3a97cdd763802f170. • https://github.com/flatpressblog/flatpress/commit/5d5c7f6d8f072d14926fc2c3a97cdd763802f170 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

18 Dec 2022 — PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3. • https://github.com/flatpressblog/flatpress/commit/c30d52b28483e1e512d0d81758d4c149f02b4068 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •