CVE-2022-40047
Published 2022-10-11

CVE-2022-40047: Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the page parameter at /flatpress/admin.php.

Priority P4 · 29 · medium · 5.4 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 1.43% (69.7th percentile)
Affected (1 range; version bounds and fixed version not recorded)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| flatpress | flatpress | — | — |
No detection rules found.
Nuclei
CVE-2022-40047 [MEDIUM] Flatpress < v1.2.1 - Cross Site Scripting (nuclei · CVSS 5.4)

Note that the template title reads "< v1.2.1", while the CVE description and the template's own remediation text treat v1.2.1 itself as affected; the title is reproduced here as published.
Template:

```yaml
id: CVE-2022-40047

info:
  name: Flatpress < v1.2.1 - Cross Site Scripting
  author: r3Y3r53
  severity: medium
  description: |
    Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the page parameter at /flatpress/admin.php.
  impact: |
    Authenticated attackers can inject malicious JavaScript through the page parameter in admin.php that executes in other users' browsers, potentially stealing session tokens or performing unauthorized actions in Flatpress blog administration.
  remediation: |
    Update Flatpress to a version later than 1.2.1 that properly sanitize
```
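The check the template performs, written out as an added example (this is not Flatpress code and not the Nuclei template): put a unique, inert canary in the `page` parameter of /flatpress/admin.php, fetch the page with an authenticated session, and classify how the value comes back. Only the path is taken from the advisory; the target URL, the `fetch` hook, and the two simulated servers are assumptions so the script runs offline. The "fixed" server applies HTML escaping (the Python equivalent of PHP's htmlspecialchars with ENT_QUOTES), which is the class of remediation the template's text points at.

```python
"""Reflection probe for the `page` parameter of /flatpress/admin.php.

Added example for this page; not Flatpress code and not the Nuclei template.
Responses come from constructed stand-in servers so the script runs offline;
`fetch` is the hypothetical hook where a real, authenticated HTTP client goes.
"""
import html
import secrets
from typing import Callable
from urllib.parse import parse_qs, urlencode, urlsplit

# Path from the advisory. The login request the template needs first is
# outside this example; the probe assumes `fetch` already carries a session.
ADMIN_PATH = "/flatpress/admin.php"


def make_token() -> str:
    """Random suffix so the canary cannot collide with real page content."""
    return secrets.token_hex(4)


def make_canary(token: str) -> str:
    # `">` closes a quoted attribute if the value lands inside one; the fake
    # tag <fpxss...> is harmless in a browser but unambiguous in a response.
    return f'"><fpxss{token}>'


def build_probe_url(base_url: str, token: str) -> str:
    """URL of the probe request; base_url is an assumed target such as http://blog.example."""
    return base_url.rstrip("/") + ADMIN_PATH + "?" + urlencode({"page": make_canary(token)})


def classify_reflection(body: str, token: str) -> str:
    """'raw'     - canary tag reflected verbatim: the sink is unescaped (vulnerable)
       'escaped' - reflected with < and > HTML-encoded (fixed)
       'absent'  - parameter not reflected at all"""
    if f"<fpxss{token}>" in body:
        return "raw"
    if f"&lt;fpxss{token}&gt;" in body:
        return "escaped"
    return "absent"


def probe(fetch: Callable[[str], str], base_url: str) -> str:
    """Run one probe through `fetch` (url -> response body) and classify it."""
    token = make_token()
    return classify_reflection(fetch(build_probe_url(base_url, token)), token)


# --- constructed stand-ins for a vulnerable and a fixed server ---------------
def _page_value_from(url: str) -> str:
    return parse_qs(urlsplit(url).query).get("page", [""])[0]


def vulnerable_server(url: str) -> str:
    """Echoes the parameter into an attribute unencoded, as the advisory describes."""
    return f'<input type="hidden" name="page" value="{_page_value_from(url)}">'


def fixed_server(url: str) -> str:
    """Same markup, but the value is HTML-escaped (quotes included) before output."""
    safe = html.escape(_page_value_from(url), quote=True)
    return f'<input type="hidden" name="page" value="{safe}">'


if __name__ == "__main__":
    for name, server in (("vulnerable", vulnerable_server), ("fixed", fixed_server)):
        print(name, "->", probe(server, "http://blog.example"))
```

Against a live target, `classify_reflection` returning "escaped" only shows that angle brackets are encoded; because the sink here is an attribute, a server that encodes `<` and `>` but leaves `"` raw would still be exploitable through an attribute breakout, so a full check should also confirm that the leading `">` of the canary comes back encoded.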
No writeups or analysis indexed.