CVE-2024-33209

MEDIUM

FlatPress v1.3 - Stored Cross-Site Scripting in Add New Entry Section

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-33209. PoCs published by paragbagul111.

AI-analyzed exploit summary: The repository lacks actual exploit code and instead provides a vague description of a stored XSS vulnerability in FlatPress CMS. It references an external video PoC hosted on Google Drive, which is a common indicator of suspicious repositories.

Description

FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into the "Add New Entry" section, which allows them to execute arbitrary code in the context of a victim's web browser.

Exploits (1)

nomisec SUSPICIOUS
by paragbagul111 · poc
https://github.com/paragbagul111/CVE-2024-33209

Classification: Suspicious 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Theoretical
Target: FlatPress CMS v1.3
Auth required
Prerequisites: Access to the admin panel's 'Add New Entry' feature
MITRE ATT&CK
devstral-2 · analyzed Feb 19, 2026

References (1)

Core References
Exploit, Third Party Advisory
https://github.com/paragbagul111/CVE-2024-33209

Scores

CVSS v3: 5.4
EPSS: 0.0077
EPSS Percentile: 50.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-79
Status: published
Products (1): flatpress/flatpress 1.3
Published: Oct 02, 2024
Tracked Since: Feb 18, 2026