Reflected Cross-Site Scripting Vulnerability in Flatpress by Flatpress
CVE-2022-40047

5.4MEDIUM

Key Information:

Vendor: Flatpress
Status: Flatpress
Vendor: CVE Published:; 11 October 2022

What is CVE-2022-40047?

Flatpress v1.2.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the page parameter in the admin interface. This vulnerability can allow an attacker to execute arbitrary JavaScript in the context of the user's browser, leading to potential data theft or session hijacking. It is critical for users to patch this vulnerability to secure their web applications.

References

http://flatpress.com

https://github.com/flatpressblog/flatpress/issues/153

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 11, 2022
Vulnerability Reserved
Sep 6, 2022

CVE-2022-40047 Data

JSON