Flatpress

Flatpress

36 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2025-44108

Exploit
  • EPSS 0.11%
  • Veröffentlicht 19.05.2025 00:00:00
  • Zuletzt bearbeitet 12.06.2025 16:26:10

A stored Cross-Site Scripting (XSS) vulnerability exists in the administration panel of Flatpress CMS before 1.4 via the gallery captions component. An attacker with admin privileges can inject a malicious JavaScript payload into the system, which is...

6.1

CVE-2025-29602

Exploit
  • EPSS 0.18%
  • Veröffentlicht 07.05.2025 00:00:00
  • Zuletzt bearbeitet 16.06.2025 19:38:20

flatpress 1.3.1 is vulnerable to Cross Site Scripting (XSS) in Administration area via Manage categories.

8.1

CVE-2024-4023

Exploit
  • EPSS 0.2%
  • Veröffentlicht 20.03.2025 10:09:54
  • Zuletzt bearbeitet 23.06.2025 20:46:33

A stored cross-site scripting (XSS) vulnerability exists in flatpressblog/flatpress version 1.3. When a user uploads a file with a `.xsig` extension and directly accesses this file, the server responds with a Content-type of application/octet-stream,...

5.4

CVE-2024-9699

  • EPSS 0.03%
  • Veröffentlicht 20.03.2025 10:09:46
  • Zuletzt bearbeitet 24.06.2025 14:37:51

A vulnerability in the file upload functionality of the FlatPress CMS admin panel (version latest) allows an attacker to upload a file with a JavaScript payload disguised as a filename. This can lead to a Cross-Site Scripting (XSS) attack if the uplo...

8

CVE-2024-9847

Exploit
  • EPSS 0.09%
  • Veröffentlicht 20.03.2025 10:09:19
  • Zuletzt bearbeitet 24.06.2025 14:38:04

FlatPress CMS version latest is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow an attacker to enable or disable plugins on behalf of a victim user. The attacker can craft a malicious link or script that, when clicked by an authent...

4.8

CVE-2025-25460

Exploit
  • EPSS 1.22%
  • Veröffentlicht 24.02.2025 16:15:14
  • Zuletzt bearbeitet 12.06.2025 20:14:41

A stored Cross-Site Scripting (XSS) vulnerability was identified in FlatPress 1.3.1 within the "Add Entry" feature. This vulnerability allows authenticated attackers to inject malicious JavaScript payloads into blog posts, which are executed when oth...

8.1

CVE-2024-41290

  • EPSS 1.88%
  • Veröffentlicht 02.10.2024 17:15:20
  • Zuletzt bearbeitet 23.04.2025 00:57:06

FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component.

5.4

CVE-2024-33209

Exploit
  • EPSS 6.24%
  • Veröffentlicht 02.10.2024 16:15:10
  • Zuletzt bearbeitet 14.03.2025 16:15:31

FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into the "Add New Entry" section, which allows them to execute arbitrary code in the context of a victim's web browser.

5.4

CVE-2024-33210

Exploit
  • EPSS 2.91%
  • Veröffentlicht 02.10.2024 16:15:10
  • Zuletzt bearbeitet 03.07.2025 14:30:58

A cross-site scripting (XSS) vulnerability has been identified in Flatpress 1.3. This vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users.

4.8

CVE-2024-31835

Exploit
  • EPSS 23.15%
  • Veröffentlicht 01.10.2024 19:15:07
  • Zuletzt bearbeitet 21.11.2024 09:13:58

Cross Site Scripting vulnerability in flatpress CMS Flatpress v1.3 allows a remote attacker to execute arbitrary code via a crafted payload to the file name parameter.