CVE-2008-4120

FlatPress 0.804 - Cross-Site Scripting via User/Pass Parameters or Name Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4120. PoCs published by Fabian Fingerle.

AI-analyzed exploit summary: This exploit demonstrates multiple cross-site scripting (XSS) vulnerabilities in FlatPress by injecting malicious JavaScript into input fields. The PoC targets the 'user' and 'pass' parameters in login.php and the 'name' parameter in contact.php.

Description

Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.804 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) pass parameter to login.php, or the (3) name parameter to contact.php.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Fabian Fingerle · html · webapps · php
https://www.exploit-db.com/exploits/32421


Classification: Working PoC 100%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: FlatPress versions prior to 0.804.1
No auth needed
Prerequisites: Access to the target FlatPress login or contact page
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/496740/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31407
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4324

Scores

EPSS 0.0176
EPSS Percentile 75.1%

Details

CWE: CWE-79
Status published
Products (1)
flatpress/flatpress 0.804
Published Sep 29, 2008
Tracked Since Feb 18, 2026