Filtered by vendor Flatpress
Total: 30 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-4755 | 1 Flatpress | 1 Flatpress | 2024-11-21 | 3.5 Low |
A vulnerability was found in FlatPress and classified as problematic. This issue affects the function main of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component Media Manager Plugin. The manipulation of the argument mm-newgallery-name leads to cross site scripting. The attack may be initiated remotely. The name of the patch is d3f329496536dc99f9707f2f295d571d65a496f5. It is recommended to apply a patch to fix this issue. The identifier VDB-216869 was assigned to this vulnerability. | ||||
CVE-2022-4748 | 1 Flatpress | 1 Flatpress | 2024-11-21 | 5.5 Medium |
A vulnerability was found in FlatPress. It has been classified as critical. This affects the function doItemActions of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component File Delete Handler. The manipulation of the argument deletefile leads to path traversal. The name of the patch is 5d5c7f6d8f072d14926fc2c3a97cdd763802f170. It is recommended to apply a patch to fix this issue. The identifier VDB-216861 was assigned to this vulnerability. | ||||
CVE-2022-40048 | 1 Flatpress | 1 Flatpress | 2024-11-21 | 7.2 High |
Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function. | ||||
CVE-2022-40047 | 1 Flatpress | 1 Flatpress | 2024-11-21 | 5.4 Medium |
Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the page parameter at /flatpress/admin.php. | ||||
CVE-2022-24588 | 1 Flatpress | 1 Flatpress | 2024-11-21 | 5.4 Medium |
Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function. | ||||
CVE-2021-41432 | 1 Flatpress | 1 Flatpress | 2024-11-21 | 5.4 Medium |
A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content. | ||||
CVE-2020-22761 | 1 Flatpress | 1 Flatpress | 2024-11-21 | 8.8 High |
Cross Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 via the DeleteFile function in flat/admin.php. | ||||
CVE-2024-33210 | 1 Flatpress | 1 Flatpress | 2024-10-04 | 5.4 Medium |
A cross-site scripting (XSS) vulnerability has been identified in Flatpress 1.3. This vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users. | ||||
CVE-2024-41290 | 1 Flatpress | 1 Flatpress | 2024-10-04 | 8.1 High |
FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component. | ||||
CVE-2024-25411 | 1 Flatpress | 1 Flatpress | 2024-09-30 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter in setup.php. |