exploitDog

CVE-2025-25460

Опубликовано: 24 фев. 2025

Источник: nvd

CVSS3: 4.8

EPSS Низкий

Описание

A stored Cross-Site Scripting (XSS) vulnerability was identified in FlatPress 1.3.1 within the "Add Entry" feature. This vulnerability allows authenticated attackers to inject malicious JavaScript payloads into blog posts, which are executed when other users view the posts. The issue arises due to improper input sanitization of the "TextArea" field in the blog entry submission form.

Ссылки

https://github.com/RoNiXxCybSeC0101/CVE-2025-25460
Exploit
Third Party Advisory
https://github.com/flatpressblog/flatpress
Product
https://github.com/RoNiXxCybSeC0101/CVE-2025-25460
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:flatpress:flatpress:1.3.1:*:*:*:*:*:*:*

EPSS

Процентиль: 79%

0.01223

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

CVE-2025-25460

CVSS3: 4.8

debian

12 месяцев назад

A stored Cross-Site Scripting (XSS) vulnerability was identified in Fl ...

GHSA-rfwv-x796-g3w9

CVSS3: 4.8

github

12 месяцев назад

A stored Cross-Site Scripting (XSS) vulnerability was identified in FlatPress 1.3.1 within the "Add Entry" feature. This vulnerability allows authenticated attackers to inject malicious JavaScript payloads into blog posts, which are executed when other users view the posts. The issue arises due to improper input sanitization of the "TextArea" field in the blog entry submission form.

EPSS

Процентиль: 79%

0.01223

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-79