CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9699 – Cross-Site Scripting (XSS) in flatpressblog/flatpress
https://notcve.org/view.php?id=CVE-2024-9699
20 Mar 2025 — A vulnerability in the file upload functionality of the FlatPress CMS admin panel (version latest) allows an attacker to upload a file with a JavaScript payload disguised as a filename. This can lead to a Cross-Site Scripting (XSS) attack if the uploaded file is accessed by other users. The issue is fixed in version 1.4.dev. • https://github.com/flatpressblog/flatpress/commit/f364391085334a7eae02aa2320edd6de7466ec85 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9847 – Cross-Site Request Forgery (CSRF) in flatpressblog/flatpress
https://notcve.org/view.php?id=CVE-2024-9847
20 Mar 2025 — FlatPress CMS version latest is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow an attacker to enable or disable plugins on behalf of a victim user. The attacker can craft a malicious link or script that, when clicked by an authenticated user, will send a request to the FlatPress CMS server to perform the desired action on behalf of the victim user. Since the request is authenticated, the server will process it as if it were initiated by the legitimate user, effectively allowing the attac... • https://github.com/flatpressblog/flatpress/commit/a81c968f51f134b5e5f9bbe208aa12f4fbc329df • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-33209
https://notcve.org/view.php?id=CVE-2024-33209
02 Oct 2024 — FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into the "Add New Entry" section, which allows them to execute arbitrary code in the context of a victim's web browser. • https://github.com/paragbagul111/CVE-2024-33209 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-33210
https://notcve.org/view.php?id=CVE-2024-33210
02 Oct 2024 — A cross-site scripting (XSS) vulnerability has been identified in Flatpress 1.3. This vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users. • https://github.com/paragbagul111/CVE-2024-33210 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 1%CPEs: 1EXPL: 1CVE-2024-41290
https://notcve.org/view.php?id=CVE-2024-41290
02 Oct 2024 — FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component. • https://github.com/paragbagul111/CVE-2024-41290 • CWE-315: Cleartext Storage of Sensitive Information in a Cookie •
CVSS: 4.8EPSS: 10%CPEs: 1EXPL: 1CVE-2024-31835
https://notcve.org/view.php?id=CVE-2024-31835
01 Oct 2024 — Cross Site Scripting vulnerability in flatpress CMS Flatpress v1.3 allows a remote attacker to execute arbitrary code via a crafted payload to the file name parameter. • https://github.com/paragbagul111/CVE-2024-31835 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 6%CPEs: 1EXPL: 1CVE-2024-25412
https://notcve.org/view.php?id=CVE-2024-25412
27 Sep 2024 — A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email field. • https://github.com/paragbagul111/CVE-2024-25412 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 14%CPEs: 1EXPL: 1CVE-2024-25411
https://notcve.org/view.php?id=CVE-2024-25411
27 Sep 2024 — A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter in setup.php. • https://github.com/paragbagul111/CVE-2024-25411 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1148 – Cross-site Scripting (XSS) - Stored in flatpressblog/flatpress
https://notcve.org/view.php?id=CVE-2023-1148
02 Mar 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. • https://github.com/flatpressblog/flatpress/commit/3a32aad0dec5df24c6576d7567d4f2eadbfc75de • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1147 – Cross-site Scripting (XSS) - Stored in flatpressblog/flatpress
https://notcve.org/view.php?id=CVE-2023-1147
02 Mar 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. • https://github.com/flatpressblog/flatpress/commit/264217f318a8852c4f3e34350d4a0e1363cdd727 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •