CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4748 – FlatPress File Delete panel.mediamanager.file.php doItemActions path traversal
https://notcve.org/view.php?id=CVE-2022-4748
27 Dec 2022 — A vulnerability was found in FlatPress. It has been classified as critical. This affects the function doItemActions of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component File Delete Handler. The manipulation of the argument deletefile leads to path traversal. The name of the patch is 5d5c7f6d8f072d14926fc2c3a97cdd763802f170. • https://github.com/flatpressblog/flatpress/commit/5d5c7f6d8f072d14926fc2c3a97cdd763802f170 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4605 – Cross-site Scripting (XSS) - Stored in flatpressblog/flatpress
https://notcve.org/view.php?id=CVE-2022-4605
18 Dec 2022 — Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. Cross-Site Scripting (XSS): almacenado en el repositorio de GitHub flatpressblog/flatpress anterior a 1.3. • https://github.com/flatpressblog/flatpress/commit/742f8b04f233e3cc52bed11f79fcc9911faee776 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 18%CPEs: 1EXPL: 1CVE-2022-4606 – PHP Remote File Inclusion in flatpressblog/flatpress
https://notcve.org/view.php?id=CVE-2022-4606
18 Dec 2022 — PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3. Inclusión remota de archivos PHP en el repositorio de GitHub flatpressblog/flatpress anterior a 1.3. • https://github.com/flatpressblog/flatpress/commit/c30d52b28483e1e512d0d81758d4c149f02b4068 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 5.5EPSS: 38%CPEs: 1EXPL: 1CVE-2022-40047
https://notcve.org/view.php?id=CVE-2022-40047
11 Oct 2022 — Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the page parameter at /flatpress/admin.php. Se ha detectado que Flatpress v1.2.1 contiene una vulnerabilidad de tipo cross-site scripting (XSS) reflejado por medio del parámetro page en el archivo /flatpress/admin.php • http://flatpress.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 1%CPEs: 1EXPL: 1CVE-2022-40048
https://notcve.org/view.php?id=CVE-2022-40048
29 Sep 2022 — Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function. Se ha detectado que Flatpress versión v1.2.1, contiene una vulnerabilidad de ejecución de código remota (RCE) en la función Upload File • http://flatpress.com • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 5%CPEs: 1EXPL: 1CVE-2021-41432
https://notcve.org/view.php?id=CVE-2021-41432
22 Jun 2022 — A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content. Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) almacenado en FlatPress versión 1.2.1, que permite una ejecución arbitraria de comandos JavaScript mediante el contenido del blog • https://github.com/flatpressblog/flatpress/issues/88 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2022-24588
https://notcve.org/view.php?id=CVE-2022-24588
15 Feb 2022 — Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function. Se ha detectado que Flatpress versión v1.2.1, contiene una vulnerabilidad de tipo cross-site scripting (XSS) en la función Upload SVG File • https://github.com/Nguyen-Trung-Kien/CVE • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-22761
https://notcve.org/view.php?id=CVE-2020-22761
29 Jul 2021 — Cross Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 via the DeleteFile function in flat/admin.php. Una vulnerabilidad de tipo Cross Site Request Forgery (CSRF) en FlatPress versión 1.1, por medio de la función DeleteFile en el archivo flat/admin.php • https://github.com/flatpressblog/flatpress/issues/64 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2CVE-2020-35241 – Flatpress Add Blog 1.0.3 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-35241
30 Dec 2020 — FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in Blog content via the admin panel. Each time any user will go to that blog page, the XSS triggers and the attacker can steal the cookie according to the crafted payload. FlatPress versión 1.0.3, está afectado por una vulnerabilidad de tipo cross-site scripting (XSS) en el componente Blog Content. Esta vulnerabilidad puede permitir a un atacante in... • https://www.exploit-db.com/exploits/48826 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2014-100036
https://notcve.org/view.php?id=CVE-2014-100036
13 Jan 2015 — Cross-site scripting (XSS) vulnerability in FlatPress 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter to the default URI. Vulnerabilidad de XSS en FlatPress 1.0.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro content en la URI por defecto. • http://secunia.com/advisories/57808 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •