Cross-Site Scripting Vulnerabilities in FlatPress by Bmines
CVE-2009-4461

Currently unrated

Key Information:

Vendor: Flatpress
Status: Flatpress
Vendor: CVE Published:; 30 December 2009

Summary

FlatPress 0.909 contains multiple cross-site scripting vulnerabilities that enable remote attackers to inject arbitrary scripts or HTML into web pages. This can be exploited via the PATH_INFO variable by targeting specific PHP files, including contact.php, login.php, and search.php. This vulnerability presents a significant risk as it can lead to unauthorized actions performed on behalf of users, data theft, or other malicious activities.

References

http://secunia.com/advisories/37938

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/37471

vdb-entryx_refsource_BID

http://www.exploit-db.com/exploits/10688

exploitx_refsource_EXPLOIT-DB

Timeline

Vulnerability published
Dec 30, 2009
Vulnerability Reserved
Dec 30, 2009