CVSS: 5.5EPSS: 2%CPEs: 1EXPL: 1CVE-2022-40047
https://notcve.org/view.php?id=CVE-2022-40047
11 Oct 2022 — Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the page parameter at /flatpress/admin.php. Se ha detectado que Flatpress v1.2.1 contiene una vulnerabilidad de tipo cross-site scripting (XSS) reflejado por medio del parámetro page en el archivo /flatpress/admin.php • http://flatpress.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-40048
https://notcve.org/view.php?id=CVE-2022-40048
29 Sep 2022 — Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function. Se ha detectado que Flatpress versión v1.2.1, contiene una vulnerabilidad de ejecución de código remota (RCE) en la función Upload File • http://flatpress.com • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-41432
https://notcve.org/view.php?id=CVE-2021-41432
22 Jun 2022 — A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content. Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) almacenado en FlatPress versión 1.2.1, que permite una ejecución arbitraria de comandos JavaScript mediante el contenido del blog • https://github.com/flatpressblog/flatpress/issues/88 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2022-24588
https://notcve.org/view.php?id=CVE-2022-24588
15 Feb 2022 — Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function. Se ha detectado que Flatpress versión v1.2.1, contiene una vulnerabilidad de tipo cross-site scripting (XSS) en la función Upload SVG File • https://github.com/Nguyen-Trung-Kien/CVE • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-22761
https://notcve.org/view.php?id=CVE-2020-22761
29 Jul 2021 — Cross Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 via the DeleteFile function in flat/admin.php. Una vulnerabilidad de tipo Cross Site Request Forgery (CSRF) en FlatPress versión 1.1, por medio de la función DeleteFile en el archivo flat/admin.php • https://github.com/flatpressblog/flatpress/issues/64 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2CVE-2020-35241 – Flatpress Add Blog 1.0.3 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-35241
30 Dec 2020 — FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in Blog content via the admin panel. Each time any user will go to that blog page, the XSS triggers and the attacker can steal the cookie according to the crafted payload. FlatPress versión 1.0.3, está afectado por una vulnerabilidad de tipo cross-site scripting (XSS) en el componente Blog Content. Esta vulnerabilidad puede permitir a un atacante in... • https://www.exploit-db.com/exploits/48826 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2014-100036
https://notcve.org/view.php?id=CVE-2014-100036
13 Jan 2015 — Cross-site scripting (XSS) vulnerability in FlatPress 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter to the default URI. Vulnerabilidad de XSS en FlatPress 1.0.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro content en la URI por defecto. • http://secunia.com/advisories/57808 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2009-4461 – Flatpress - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-4461
30 Dec 2009 — Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.909 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) contact.php, (2) login.php, and (3) search.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en FlatPress v0.909 permite atacantes remotos inyectar secuencias de comandos web o HTML de forma arbitraria a traves de PATH_INFO a (1) contact.php, (2) login.php, and (3) search.php. • https://www.exploit-db.com/exploits/10688 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2008-4120 – Flatpress 0.804 - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-4120
29 Sep 2008 — Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.804 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) pass parameter to login.php, or the (3) name parameter to contact.php. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en FlatPress v0.804, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de los parámetros (1) "user", (2)"pass" en login.php, o (3) "name" en contact... • https://www.exploit-db.com/exploits/32421 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •