Total
28 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-41290 | 1 Flatpress | 1 Flatpress | 2025-04-23 | N/A | 8.1 HIGH |
| FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component. | |||||
| CVE-2014-100036 | 1 Flatpress | 1 Flatpress | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in FlatPress 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter to the default URI. | |||||
| CVE-2009-4461 | 1 Flatpress | 1 Flatpress | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.909 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) contact.php, (2) login.php, and (3) search.php. | |||||
| CVE-2008-4120 | 1 Flatpress | 1 Flatpress | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.804 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) pass parameter to login.php, or the (3) name parameter to contact.php. | |||||
| CVE-2024-33209 | 1 Flatpress | 1 Flatpress | 2025-03-14 | N/A | 5.4 MEDIUM |
| FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into the "Add New Entry" section, which allows them to execute arbitrary code in the context of a victim's web browser. | |||||
| CVE-2024-25412 | 1 Flatpress | 1 Flatpress | 2025-03-13 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email field. | |||||
| CVE-2020-35241 | 1 Flatpress | 1 Flatpress | 2025-01-29 | 3.5 LOW | 4.8 MEDIUM |
| FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in Blog content via the admin panel. Each time any user will go to that blog page, the XSS triggers and the attacker can steal the cookie according to the crafted payload. | |||||
| CVE-2024-31835 | 1 Flatpress | 1 Flatpress | 2024-11-21 | N/A | 4.8 MEDIUM |
| Cross Site Scripting vulnerability in flatpress CMS Flatpress v1.3 allows a remote attacker to execute arbitrary code via a crafted payload to the file name parameter. | |||||
| CVE-2023-1148 | 1 Flatpress | 1 Flatpress | 2024-11-21 | N/A | 4.8 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | |||||
| CVE-2023-1147 | 1 Flatpress | 1 Flatpress | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | |||||
| CVE-2023-1146 | 1 Flatpress | 1 Flatpress | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Generic in GitHub repository flatpressblog/flatpress prior to 1.3. | |||||
| CVE-2023-1107 | 1 Flatpress | 1 Flatpress | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | |||||
| CVE-2023-1106 | 1 Flatpress | 1 Flatpress | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in GitHub repository flatpressblog/flatpress prior to 1.3. | |||||
| CVE-2023-1105 | 1 Flatpress | 1 Flatpress | 2024-11-21 | N/A | 8.1 HIGH |
| External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3. | |||||
| CVE-2023-1104 | 1 Flatpress | 1 Flatpress | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | |||||
| CVE-2023-0947 | 1 Flatpress | 1 Flatpress | 2024-11-21 | N/A | 9.8 CRITICAL |
| Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3. | |||||
| CVE-2022-4822 | 1 Flatpress | 1 Flatpress | 2024-11-21 | N/A | 2.4 LOW |
| A vulnerability, which was classified as problematic, has been found in FlatPress. This issue affects some unknown processing of the file setup/lib/main.lib.php of the component Setup. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 5f23b4c2eac294cc0ba5e541f83a6f8a26f9fed1. It is recommended to apply a patch to fix this issue. The identifier VDB-217001 was assigned to this vulnerability. | |||||
| CVE-2022-4821 | 1 Flatpress | 1 Flatpress | 2024-11-21 | N/A | 2.4 LOW |
| A vulnerability classified as problematic was found in FlatPress. This vulnerability affects the function onupload of the file admin/panels/uploader/admin.uploader.php of the component XML File Handler/MD File Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 3cc223dec5260e533a84b5cf5780d3a4fbf21241. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217000. | |||||
| CVE-2022-4820 | 1 Flatpress | 1 Flatpress | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability classified as problematic has been found in FlatPress. This affects an unknown part of the file admin/panels/entry/admin.entry.list.php of the component Admin Area. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is 229752b51025e678370298284d42f8ebb231f67f. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216999. | |||||
| CVE-2022-4755 | 1 Flatpress | 1 Flatpress | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability was found in FlatPress and classified as problematic. This issue affects the function main of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component Media Manager Plugin. The manipulation of the argument mm-newgallery-name leads to cross site scripting. The attack may be initiated remotely. The name of the patch is d3f329496536dc99f9707f2f295d571d65a496f5. It is recommended to apply a patch to fix this issue. The identifier VDB-216869 was assigned to this vulnerability. | |||||