Vendor CVEs
Flatpress
All CVEs
36 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-0947 | 0.04 | — | 0.53 | Feb 22, 2023 | Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3. | |||
| CVE-2024-25412 | 0.03 | — | 0.33 | Sep 27, 2024 | A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email field. | |||
| CVE-2020-35241 | 0.03 | — | 0.01 | Dec 30, 2020 | FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in Blog content via the admin panel. Each time any user will go to that blog page, the XSS triggers and the attacker can… | |||
| CVE-2009-4461 | 0.03 | — | 0.01 | Dec 30, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.909 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) contact.php, (2) login.php, and (3) search.php. | |||
| CVE-2008-4120 | 0.03 | — | 0.06 | Sep 29, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.804 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) pass parameter to login.php, or the (3) name parameter to contact.php. | |||
| CVE-2024-31835 | 0.02 | — | 0.23 | Oct 1, 2024 | Cross Site Scripting vulnerability in flatpress CMS Flatpress v1.3 allows a remote attacker to execute arbitrary code via a crafted payload to the file name parameter. | |||
| CVE-2024-25411 | 0.02 | — | 0.20 | Sep 27, 2024 | A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter in setup.php. | |||
| CVE-2022-40047 | 0.02 | — | 0.24 | Oct 11, 2022 | Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the page parameter at /flatpress/admin.php. | |||
| CVE-2022-4606 | 0.01 | — | 0.12 | Dec 18, 2022 | PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3. | |||
| CVE-2021-41432 | 0.01 | — | 0.12 | Jun 22, 2022 | A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content. | |||
| CVE-2025-44108 | 0.00 | — | 0.00 | May 19, 2025 | A stored Cross-Site Scripting (XSS) vulnerability exists in the administration panel of Flatpress CMS before 1.4 via the gallery captions component. An attacker with admin privileges can inject a malicious JavaScript payload into the system, which is then stored persistently. | |||
| CVE-2025-29602 | 0.00 | — | 0.00 | May 7, 2025 | flatpress 1.3.1 is vulnerable to Cross Site Scripting (XSS) in Administration area via Manage categories. | |||
| CVE-2024-4023 | 0.00 | — | 0.00 | Mar 20, 2025 | A stored cross-site scripting (XSS) vulnerability exists in flatpressblog/flatpress version 1.3. When a user uploads a file with a `.xsig` extension and directly accesses this file, the server responds with a Content-type of application/octet-stream, leading to the file being… | |||
| CVE-2024-9699 | 0.00 | — | 0.00 | Mar 20, 2025 | A vulnerability in the file upload functionality of the FlatPress CMS admin panel (version latest) allows an attacker to upload a file with a JavaScript payload disguised as a filename. This can lead to a Cross-Site Scripting (XSS) attack if the uploaded file is accessed by… | |||
| CVE-2024-9847 | 0.00 | — | 0.00 | Mar 20, 2025 | FlatPress CMS version latest is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow an attacker to enable or disable plugins on behalf of a victim user. The attacker can craft a malicious link or script that, when clicked by an authenticated user, will send a… | |||
| CVE-2025-25460 | 0.00 | — | 0.02 | Feb 24, 2025 | A stored Cross-Site Scripting (XSS) vulnerability was identified in FlatPress 1.3.1 within the "Add Entry" feature. This vulnerability allows authenticated attackers to inject malicious JavaScript payloads into blog posts, which are executed when other users view the posts. The… | |||
| CVE-2024-33209 | 0.00 | — | 0.06 | Oct 2, 2024 | FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into the "Add New Entry" section, which allows them to execute arbitrary code in the context of a victim's web browser. | |||
| CVE-2024-41290 | 0.00 | — | 0.02 | Oct 2, 2024 | FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component. | |||
| CVE-2024-33210 | 0.00 | — | 0.03 | Oct 2, 2024 | A cross-site scripting (XSS) vulnerability has been identified in Flatpress 1.3. This vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users. | |||
| CVE-2023-1107 | 0.00 | — | 0.00 | Mar 2, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | |||
| CVE-2023-1106 | 0.00 | — | 0.00 | Mar 2, 2023 | Cross-site Scripting (XSS) - Reflected in GitHub repository flatpressblog/flatpress prior to 1.3. | |||
| CVE-2023-1146 | 0.00 | — | 0.00 | Mar 2, 2023 | Cross-site Scripting (XSS) - Generic in GitHub repository flatpressblog/flatpress prior to 1.3. | |||
| CVE-2023-1147 | 0.00 | — | 0.00 | Mar 2, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | |||
| CVE-2023-1148 | 0.00 | — | 0.00 | Mar 2, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | |||
| CVE-2023-1104 | 0.00 | — | 0.00 | Mar 1, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | |||
| CVE-2023-1105 | 0.00 | — | 0.00 | Mar 1, 2023 | External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3. | |||
| CVE-2022-4822 | 0.00 | — | 0.00 | Dec 28, 2022 | A vulnerability, which was classified as problematic, has been found in FlatPress. This issue affects some unknown processing of the file setup/lib/main.lib.php of the component Setup. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name… | |||
| CVE-2022-4821 | 0.00 | — | 0.00 | Dec 28, 2022 | A vulnerability classified as problematic was found in FlatPress. This vulnerability affects the function onupload of the file admin/panels/uploader/admin.uploader.php of the component XML File Handler/MD File Handler. The manipulation leads to cross site scripting. The attack… | |||
| CVE-2022-4820 | 0.00 | — | 0.00 | Dec 28, 2022 | A vulnerability classified as problematic has been found in FlatPress. This affects an unknown part of the file admin/panels/entry/admin.entry.list.php of the component Admin Area. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely.… | |||
| CVE-2022-4755 | 0.00 | — | 0.00 | Dec 27, 2022 | A vulnerability was found in FlatPress and classified as problematic. This issue affects the function main of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component Media Manager Plugin. The manipulation of the argument mm-newgallery-name leads to… | |||
| CVE-2022-4748 | 0.00 | — | 0.01 | Dec 27, 2022 | A vulnerability was found in FlatPress. It has been classified as critical. This affects the function doItemActions of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component File Delete Handler. The manipulation of the argument deletefile leads to… | |||
| CVE-2022-4605 | 0.00 | — | 0.00 | Dec 18, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | |||
| CVE-2022-40048 | 0.00 | — | 0.02 | Sep 29, 2022 | Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function. | |||
| CVE-2022-24588 | 0.00 | — | 0.00 | Feb 15, 2022 | Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function. | |||
| CVE-2020-22761 | 0.00 | — | 0.00 | Jul 29, 2021 | Cross Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 via the DeleteFile function in flat/admin.php. | |||
| CVE-2014-100036 | 0.00 | — | 0.00 | Jan 13, 2015 | Cross-site scripting (XSS) vulnerability in FlatPress 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter to the default URI. |
- CVE-2023-0947Feb 22, 2023risk 0.04cvss —epss 0.53
Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3.
- CVE-2024-25412Sep 27, 2024risk 0.03cvss —epss 0.33
A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email field.
- CVE-2020-35241Dec 30, 2020risk 0.03cvss —epss 0.01
FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in Blog content via the admin panel. Each time any user will go to that blog page, the XSS triggers and the attacker can…
- CVE-2009-4461Dec 30, 2009risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.909 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) contact.php, (2) login.php, and (3) search.php.
- CVE-2008-4120Sep 29, 2008risk 0.03cvss —epss 0.06
Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.804 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) pass parameter to login.php, or the (3) name parameter to contact.php.
- CVE-2024-31835Oct 1, 2024risk 0.02cvss —epss 0.23
Cross Site Scripting vulnerability in flatpress CMS Flatpress v1.3 allows a remote attacker to execute arbitrary code via a crafted payload to the file name parameter.
- CVE-2024-25411Sep 27, 2024risk 0.02cvss —epss 0.20
A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter in setup.php.
- CVE-2022-40047Oct 11, 2022risk 0.02cvss —epss 0.24
Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the page parameter at /flatpress/admin.php.
- CVE-2022-4606Dec 18, 2022risk 0.01cvss —epss 0.12
PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3.
- CVE-2021-41432Jun 22, 2022risk 0.01cvss —epss 0.12
A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content.
- CVE-2025-44108May 19, 2025risk 0.00cvss —epss 0.00
A stored Cross-Site Scripting (XSS) vulnerability exists in the administration panel of Flatpress CMS before 1.4 via the gallery captions component. An attacker with admin privileges can inject a malicious JavaScript payload into the system, which is then stored persistently.
- CVE-2025-29602May 7, 2025risk 0.00cvss —epss 0.00
flatpress 1.3.1 is vulnerable to Cross Site Scripting (XSS) in Administration area via Manage categories.
- CVE-2024-4023Mar 20, 2025risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability exists in flatpressblog/flatpress version 1.3. When a user uploads a file with a `.xsig` extension and directly accesses this file, the server responds with a Content-type of application/octet-stream, leading to the file being…
- CVE-2024-9699Mar 20, 2025risk 0.00cvss —epss 0.00
A vulnerability in the file upload functionality of the FlatPress CMS admin panel (version latest) allows an attacker to upload a file with a JavaScript payload disguised as a filename. This can lead to a Cross-Site Scripting (XSS) attack if the uploaded file is accessed by…
- CVE-2024-9847Mar 20, 2025risk 0.00cvss —epss 0.00
FlatPress CMS version latest is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow an attacker to enable or disable plugins on behalf of a victim user. The attacker can craft a malicious link or script that, when clicked by an authenticated user, will send a…
- CVE-2025-25460Feb 24, 2025risk 0.00cvss —epss 0.02
A stored Cross-Site Scripting (XSS) vulnerability was identified in FlatPress 1.3.1 within the "Add Entry" feature. This vulnerability allows authenticated attackers to inject malicious JavaScript payloads into blog posts, which are executed when other users view the posts. The…
- CVE-2024-33209Oct 2, 2024risk 0.00cvss —epss 0.06
FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into the "Add New Entry" section, which allows them to execute arbitrary code in the context of a victim's web browser.
- CVE-2024-41290Oct 2, 2024risk 0.00cvss —epss 0.02
FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component.
- CVE-2024-33210Oct 2, 2024risk 0.00cvss —epss 0.03
A cross-site scripting (XSS) vulnerability has been identified in Flatpress 1.3. This vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users.
- CVE-2023-1107Mar 2, 2023risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
- CVE-2023-1106Mar 2, 2023risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) - Reflected in GitHub repository flatpressblog/flatpress prior to 1.3.
- CVE-2023-1146Mar 2, 2023risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) - Generic in GitHub repository flatpressblog/flatpress prior to 1.3.
- CVE-2023-1147Mar 2, 2023risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
- CVE-2023-1148Mar 2, 2023risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
- CVE-2023-1104Mar 1, 2023risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
- CVE-2023-1105Mar 1, 2023risk 0.00cvss —epss 0.00
External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3.
- CVE-2022-4822Dec 28, 2022risk 0.00cvss —epss 0.00
A vulnerability, which was classified as problematic, has been found in FlatPress. This issue affects some unknown processing of the file setup/lib/main.lib.php of the component Setup. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name…
- CVE-2022-4821Dec 28, 2022risk 0.00cvss —epss 0.00
A vulnerability classified as problematic was found in FlatPress. This vulnerability affects the function onupload of the file admin/panels/uploader/admin.uploader.php of the component XML File Handler/MD File Handler. The manipulation leads to cross site scripting. The attack…
- CVE-2022-4820Dec 28, 2022risk 0.00cvss —epss 0.00
A vulnerability classified as problematic has been found in FlatPress. This affects an unknown part of the file admin/panels/entry/admin.entry.list.php of the component Admin Area. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely.…
- CVE-2022-4755Dec 27, 2022risk 0.00cvss —epss 0.00
A vulnerability was found in FlatPress and classified as problematic. This issue affects the function main of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component Media Manager Plugin. The manipulation of the argument mm-newgallery-name leads to…
- CVE-2022-4748Dec 27, 2022risk 0.00cvss —epss 0.01
A vulnerability was found in FlatPress. It has been classified as critical. This affects the function doItemActions of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component File Delete Handler. The manipulation of the argument deletefile leads to…
- CVE-2022-4605Dec 18, 2022risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
- CVE-2022-40048Sep 29, 2022risk 0.00cvss —epss 0.02
Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function.
- CVE-2022-24588Feb 15, 2022risk 0.00cvss —epss 0.00
Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function.
- CVE-2020-22761Jul 29, 2021risk 0.00cvss —epss 0.00
Cross Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 via the DeleteFile function in flat/admin.php.
- CVE-2014-100036Jan 13, 2015risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in FlatPress 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter to the default URI.