CVE-2024-9699
Cross-Site Scripting (XSS) in flatpressblog/flatpress
A vulnerability in the file upload functionality of the FlatPress CMS admin panel (version latest) allows an attacker to upload a file with a JavaScript payload disguised as a filename. This can lead to a Cross-Site Scripting (XSS) attack if the uploaded file is accessed by other users. The issue is fixed in version 1.4.dev.
CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Productos afectados
flatpressblog · flatpressblog/flatpress¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →