NotCVE - vendor:"Flatpress" product:"Flatpress" version:"1.2.1"

Page 2 of 14 results (0.004 seconds)

CVSS: 5.5EPSS: 2%CPEs: 1EXPL: 1

CVE-2022-40047

https://notcve.org/view.php?id=CVE-2022-40047

11 Oct 2022 — Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the page parameter at /flatpress/admin.php. Se ha detectado que Flatpress v1.2.1 contiene una vulnerabilidad de tipo cross-site scripting (XSS) reflejado por medio del parámetro page en el archivo /flatpress/admin.php • http://flatpress.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1

CVE-2022-40048

https://notcve.org/view.php?id=CVE-2022-40048

29 Sep 2022 — Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function. Se ha detectado que Flatpress versión v1.2.1, contiene una vulnerabilidad de ejecución de código remota (RCE) en la función Upload File • http://flatpress.com • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2021-41432

https://notcve.org/view.php?id=CVE-2021-41432

22 Jun 2022 — A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content. Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) almacenado en FlatPress versión 1.2.1, que permite una ejecución arbitraria de comandos JavaScript mediante el contenido del blog • https://github.com/flatpressblog/flatpress/issues/88 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2

CVE-2022-24588

https://notcve.org/view.php?id=CVE-2022-24588

15 Feb 2022 — Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function. Se ha detectado que Flatpress versión v1.2.1, contiene una vulnerabilidad de tipo cross-site scripting (XSS) en la función Upload SVG File • https://github.com/Nguyen-Trung-Kien/CVE • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2