Cross-Site Scripting Flaw in FlatPress by FlatPress
CVE-2008-4120

Currently unrated

Key Information:

Vendor: Flatpress
Status: Flatpress
Vendor: CVE Published:; 29 September 2008

Summary

Multiple cross-site scripting (XSS) vulnerabilities are present in FlatPress version 0.804, which enable remote attackers to exploit user and pass parameters in login.php and the name parameter in contact.php. By crafting malicious inputs, attackers can inject arbitrary web scripts or HTML, potentially compromising user data and the integrity of the website.

References

http://www.flatpress.org/home/comments.php?entry=entry080...

x_refsource_CONFIRM

http://www.securityfocus.com/archive/1/496740/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/31407

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Sep 29, 2008
Vulnerability Reserved
Sep 18, 2008