Fraenkiman

4 exploits Active since Mar 2025
CVE-2026-56785 WRITEUP HIGH WRITEUP
FlatPress - Stored Cross-Site Scripting via Unescaped Comment and Contact Form Fields
FlatPress contains a stored cross-site scripting vulnerability in comment and contact forms where name, URL, and email fields are rendered without proper output encoding in Smarty templates. Attackers can inject arbitrary HTML and JavaScript through these fields to execute malicious scripts in browsers of viewers including administrators, or bypass URL scheme validation to inject javascript: or data: URIs.
CVSS 8.2
CVE-2024-4023 WRITEUP HIGH WRITEUP
flatpress 1.3 - Stored Cross-Site Scripting via .xsig File Upload
A stored cross-site scripting (XSS) vulnerability exists in flatpressblog/flatpress version 1.3. When a user uploads a file with a `.xsig` extension and directly accesses this file, the server responds with a Content-type of application/octet-stream, leading to the file being processed as an HTML file. This allows an attacker to execute arbitrary JavaScript code, which can be used to steal user cookies, perform HTTP requests, and access content of the same origin.
CVSS 8.1
CVE-2024-9699 WRITEUP MEDIUM WRITEUP
FlatPress < 1.4 - Stored Cross-Site Scripting via File Upload Filename
A vulnerability in the file upload functionality of the FlatPress CMS admin panel (version latest) allows an attacker to upload a file with a JavaScript payload disguised as a filename. This can lead to a Cross-Site Scripting (XSS) attack if the uploaded file is accessed by other users. The issue is fixed in version 1.4.dev.
CVSS 5.4
CVE-2024-9847 WRITEUP HIGH WRITEUP
flatpress < 1.4 - Cross-Site Request Forgery via Plugin Toggle Action
FlatPress CMS version latest is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow an attacker to enable or disable plugins on behalf of a victim user. The attacker can craft a malicious link or script that, when clicked by an authenticated user, will send a request to the FlatPress CMS server to perform the desired action on behalf of the victim user. Since the request is authenticated, the server will process it as if it were initiated by the legitimate user, effectively allowing the attacker to perform unauthorized actions. This vulnerability is fixed in version 1.4.dev.
CVSS 8.0