← Volver a CVEs
CVE-2025-25460
MEDIUM4.8
Descripcion
A stored Cross-Site Scripting (XSS) vulnerability was identified in FlatPress 1.3.1 within the "Add Entry" feature. This vulnerability allows authenticated attackers to inject malicious JavaScript payloads into blog posts, which are executed when other users view the posts. The issue arises due to improper input sanitization of the "TextArea" field in the blog entry submission form.
Detalles CVE
Puntuacion CVSS v3.14.8
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosHIGH
Interaccion usuarioREQUIRED
Publicado2/24/2025
Ultima modificacion6/12/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
flatpress:flatpress
Debilidades (CWE)
CWE-79
Referencias
https://github.com/RoNiXxCybSeC0101/CVE-2025-25460(cve@mitre.org)
https://github.com/flatpressblog/flatpress(cve@mitre.org)
https://github.com/RoNiXxCybSeC0101/CVE-2025-25460(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.