harish0x

2 exploits Active since May 2025
CVE-2025-29602 NOMISEC MEDIUM WRITEUP
flatpress < 1.3.1 - Cross-Site Scripting in Administration Area via Manage Categories
flatpress 1.3.1 is vulnerable to Cross Site Scripting (XSS) in Administration area via Manage categories.
CVSS 6.1
CVE-2025-44108 NOMISEC MEDIUM WRITEUP
Flatpress < 1.4 - Authenticated Stored Cross-Site Scripting via Gallery Captions
A stored Cross-Site Scripting (XSS) vulnerability exists in the administration panel of Flatpress CMS before 1.4 via the gallery captions component. An attacker with admin privileges can inject a malicious JavaScript payload into the system, which is then stored persistently.
CVSS 4.8