repository icon
flatpressblog / flatpress Project repository

FlatPress is a lightweight, easy-to-set-up flat-file blogging engine.

Submit a report

FIRST INTERACTION

WITHINN/A DAYS

REVIEW

WITHIN147 DAYS

FIX

WITHIN92 DAYS

Store Dom XSS in Widgets
hainguyen0207
pending
Store XSS in International settings
hainguyen0207
pending
Store XSS in Entries
hainguyen0207
self closed
Store XSS at File Upload .html
hainguyen0207
pending
Stored XSS via SVG File Upload
m0ck3d
self closed
Stored XSS
m0ck3d
pending
Reflected and Stored Cross-site Scripting (XSS) Vulnerabilities in Manage Static...
0xb4c
pending
XSS in Categories
kkasdk
pending
Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Manage Entries and...
0xb4c
pending
Cross site scripting on Blog title
ghostbit11
pending
Cross site scripting on creating entries
ghostbit11
pending
Stored XSS on Editing page
mike993
pending
stored xss in "Write Entry" module
christynorl
pending
File Upload Bypass Leads to Remote Code Execution (RCE)
choocs
pending
Unsanitized input that leads to XSS at Category Section
choocs
pending
FlatPress CMS Admin Panel File Upload Field Allows for JavaScript Payloads
paragbagul111
High
CVE-2024-9699
Directory Traversal Vulnerability in FlatPress CMS
paragbagul111
informative
High
No Protection against Bruteforce attacks on Login page
choocs
pending
Cross-Site Request Forgery (CSRF) in FlatPress CMS Allows Enabling/Disabling of...
paragbagul111
High
CVE-2024-9847
Flatpress 1.2.1 Remote Command Execution via Arbitrary File upload
ameerassadi
pending
Reflected cross-site scripting in `page=` parameter
ameerassadi
pending
Cross-site Scripting (XSS) - Stored
d4rkp0w4r
pending
File upload to RCE by changing .htaccess
juylang
informative
Critical
Stored XSS via `.xsig` File in
juylang
High
CVE-2024-4023
Stored XSS via Character set parameter on admin.php?p=config
leorac
pending
Stored XSS via `.pages` File in
juylang
High
CVE-2023-1104
Send comment as admin through Improper Neutralization of Delimiters
kos0ng
pending
Improper Input Validation lead to Arbitrary .txt File Deletion
kos0ng
pending
Improper Filename Handling Mechanism lead to RCE
kos0ng
pending
Stored XSS via blog author parameter on admin.php?p=config
leorac
Medium
CVE-2023-1146
Stored XSS through post comment body
leorac
Medium
CVE-2023-1147
Stored XSS on Option setting
baharuddinzulkifli
duplicate
Medium
Stored XSS via title, subtitle, footer and post title and content
leorac
Medium
CVE-2023-1148
The old session can be used after log out
uonghoangminhchau
pending
File Deletion Detected
juylang
High
CVE-2023-1105
Stored XSS via XML File
juylang
High
CVE-2023-1103
Stored XSS in multiple menus
uonghoangminhchau
Medium
CVE-2023-1107
Unsanitized input returned in response is conducive to XSS exploitation
und3sc0n0c1d0
Medium
CVE-2023-1106
Path traversal vulnerability found
nilabhrajpoot
High
CVE-2023-0947
XSS STORED via SVG Upload
nilabhrajpoot
self closed
Php Remote file Inclusion and RCE
mike993
High
CVE-2022-4606
Stored XSS via SVG File
mike993
Medium
CVE-2022-4605
Cross Site Scripting with Write/Edit Entries.
lethanhtrung22
pending
Insufficient Session Expiration
thelabda
pending
Cross-Site Request Forgery (CSRF)
thelabda
pending
Cross-Site Request Forgery (CSRF)
khanhchauminh
pending
External Control of File Name or Path
melbinkm
pending
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
melbinkm
Medium
$25
Sensitive Cookie Without 'HttpOnly' Flag
melbinkm
Medium