CVE-2008-4120

Flatpress - XSS

Title source: rule
STIX 2.1

Description

Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.804 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) pass parameter to login.php, or the (3) name parameter to contact.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Fabian Fingerle · htmlwebappsphp
https://www.exploit-db.com/exploits/32421

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/496740/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31407
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4324

Scores

EPSS 0.0562
EPSS Percentile 90.4%

Details

CWE
CWE-79
Status published
Products (1)
flatpress/flatpress 0.804
Published Sep 29, 2008
Tracked Since Feb 18, 2026