Flatpress
by Flatpress
Source repositories
CVEs (36)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-1106 | 0.00 | — | 0.00 | Mar 2, 2023 | Cross-site Scripting (XSS) - Reflected in GitHub repository flatpressblog/flatpress prior to 1.3. | |||
| CVE-2023-1146 | 0.00 | — | 0.00 | Mar 2, 2023 | Cross-site Scripting (XSS) - Generic in GitHub repository flatpressblog/flatpress prior to 1.3. | |||
| CVE-2023-1147 | 0.00 | — | 0.00 | Mar 2, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | |||
| CVE-2023-1148 | 0.00 | — | 0.00 | Mar 2, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | |||
| CVE-2023-1104 | 0.00 | — | 0.00 | Mar 1, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | |||
| CVE-2023-1105 | 0.00 | — | 0.00 | Mar 1, 2023 | External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3. | |||
| CVE-2022-4822 | 0.00 | — | 0.00 | Dec 28, 2022 | A vulnerability, which was classified as problematic, has been found in FlatPress. This issue affects some unknown processing of the file setup/lib/main.lib.php of the component Setup. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name… | |||
| CVE-2022-4821 | 0.00 | — | 0.00 | Dec 28, 2022 | A vulnerability classified as problematic was found in FlatPress. This vulnerability affects the function onupload of the file admin/panels/uploader/admin.uploader.php of the component XML File Handler/MD File Handler. The manipulation leads to cross site scripting. The attack… | |||
| CVE-2022-4820 | 0.00 | — | 0.00 | Dec 28, 2022 | A vulnerability classified as problematic has been found in FlatPress. This affects an unknown part of the file admin/panels/entry/admin.entry.list.php of the component Admin Area. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely.… | |||
| CVE-2022-4755 | 0.00 | — | 0.00 | Dec 27, 2022 | A vulnerability was found in FlatPress and classified as problematic. This issue affects the function main of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component Media Manager Plugin. The manipulation of the argument mm-newgallery-name leads to… | |||
| CVE-2022-4748 | 0.00 | — | 0.01 | Dec 27, 2022 | A vulnerability was found in FlatPress. It has been classified as critical. This affects the function doItemActions of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component File Delete Handler. The manipulation of the argument deletefile leads to… | |||
| CVE-2022-4605 | 0.00 | — | 0.00 | Dec 18, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | |||
| CVE-2022-40048 | 0.00 | — | 0.02 | Sep 29, 2022 | Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function. | |||
| CVE-2022-24588 | 0.00 | — | 0.00 | Feb 15, 2022 | Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function. | |||
| CVE-2020-22761 | 0.00 | — | 0.00 | Jul 29, 2021 | Cross Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 via the DeleteFile function in flat/admin.php. | |||
| CVE-2014-100036 | 0.00 | — | 0.00 | Jan 13, 2015 | Cross-site scripting (XSS) vulnerability in FlatPress 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter to the default URI. |
- CVE-2023-1106Mar 2, 2023risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) - Reflected in GitHub repository flatpressblog/flatpress prior to 1.3.
- CVE-2023-1146Mar 2, 2023risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) - Generic in GitHub repository flatpressblog/flatpress prior to 1.3.
- CVE-2023-1147Mar 2, 2023risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
- CVE-2023-1148Mar 2, 2023risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
- CVE-2023-1104Mar 1, 2023risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
- CVE-2023-1105Mar 1, 2023risk 0.00cvss —epss 0.00
External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3.
- CVE-2022-4822Dec 28, 2022risk 0.00cvss —epss 0.00
A vulnerability, which was classified as problematic, has been found in FlatPress. This issue affects some unknown processing of the file setup/lib/main.lib.php of the component Setup. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name…
- CVE-2022-4821Dec 28, 2022risk 0.00cvss —epss 0.00
A vulnerability classified as problematic was found in FlatPress. This vulnerability affects the function onupload of the file admin/panels/uploader/admin.uploader.php of the component XML File Handler/MD File Handler. The manipulation leads to cross site scripting. The attack…
- CVE-2022-4820Dec 28, 2022risk 0.00cvss —epss 0.00
A vulnerability classified as problematic has been found in FlatPress. This affects an unknown part of the file admin/panels/entry/admin.entry.list.php of the component Admin Area. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely.…
- CVE-2022-4755Dec 27, 2022risk 0.00cvss —epss 0.00
A vulnerability was found in FlatPress and classified as problematic. This issue affects the function main of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component Media Manager Plugin. The manipulation of the argument mm-newgallery-name leads to…
- CVE-2022-4748Dec 27, 2022risk 0.00cvss —epss 0.01
A vulnerability was found in FlatPress. It has been classified as critical. This affects the function doItemActions of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component File Delete Handler. The manipulation of the argument deletefile leads to…
- CVE-2022-4605Dec 18, 2022risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
- CVE-2022-40048Sep 29, 2022risk 0.00cvss —epss 0.02
Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function.
- CVE-2022-24588Feb 15, 2022risk 0.00cvss —epss 0.00
Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function.
- CVE-2020-22761Jul 29, 2021risk 0.00cvss —epss 0.00
Cross Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 via the DeleteFile function in flat/admin.php.
- CVE-2014-100036Jan 13, 2015risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in FlatPress 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter to the default URI.
Page 2 of 2