Vulnerabilities > Flatpress
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-28 | CVE-2022-4822 | Cross-site Scripting vulnerability in Flatpress A vulnerability, which was classified as problematic, has been found in FlatPress. | 6.1 |
| 2022-12-27 | CVE-2022-4755 | Cross-site Scripting vulnerability in Flatpress A vulnerability was found in FlatPress and classified as problematic. | 6.1 |
| 2022-12-27 | CVE-2022-4748 | Path Traversal vulnerability in Flatpress A vulnerability was found in FlatPress. | 9.8 |
| 2022-10-11 | CVE-2022-40047 | Cross-site Scripting vulnerability in Flatpress 1.2.1 Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the page parameter at /flatpress/admin.php. | 5.4 |
| 2022-09-29 | CVE-2022-40048 | Unrestricted Upload of File with Dangerous Type vulnerability in Flatpress 1.2.1 Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function. | 7.2 |
| 2022-06-23 | CVE-2021-41432 | Cross-site Scripting vulnerability in Flatpress 1.2.1 A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content. | 3.5 |
| 2022-02-15 | CVE-2022-24588 | Cross-site Scripting vulnerability in Flatpress 1.2.1 Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function. | 5.4 |
| 2021-07-30 | CVE-2020-22761 | Cross-Site Request Forgery (CSRF) vulnerability in Flatpress 1.1 Cross Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 via the DeleteFile function in flat/admin.php. | 8.8 |
| 2020-12-30 | CVE-2020-35241 | Cross-site Scripting vulnerability in Flatpress 1.0.3 FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component. | 3.5 |
| 2015-01-13 | CVE-2014-100036 | Cross-site Scripting vulnerability in Flatpress 1.0.2 Cross-site scripting (XSS) vulnerability in FlatPress 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter to the default URI. | 4.3 |