Reflected Cross-Site Scripting Vulnerability in Flatpress by Flatpress
CVE-2022-40047

5.4MEDIUM

Key Information:

Vendor: Flatpress
Status: Flatpress
Vendor: CVE Published:; 11 October 2022

Summary

Flatpress v1.2.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the page parameter in the admin interface. This vulnerability can allow an attacker to execute arbitrary JavaScript in the context of the user's browser, leading to potential data theft or session hijacking. It is critical for users to patch this vulnerability to secure their web applications.

References

http://flatpress.com

https://github.com/flatpressblog/flatpress/issues/153

EPSS Score

37% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 11, 2022
Vulnerability Reserved
Sep 6, 2022