CVE-2021-41432

MEDIUM NUCLEI

Flatpress - XSS

Title source: rule

Description

A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content.

Nuclei Templates (1)

FlatPress 1.2.1 - Stored Cross-Site Scripting

MEDIUMVERIFIEDby arafatansari

Shodan: http.html:"Flatpress" || http.html:"flatpress" || http.favicon.hash:-1189292869

FOFA: body="flatpress" || icon_hash=-1189292869

References (1)

[Exploit, Third Party Advisory] https://github.com/flatpressblog/flatpress/issues/88

Scores

CVSS v3 5.4

EPSS 0.1205

EPSS Percentile 93.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

flatpress/flatpress 1.2.1

Published Jun 23, 2022

Tracked Since Feb 18, 2026