← Voltar para CVEs
CVE-2025-25460
MEDIUM4.8
Descricao
A stored Cross-Site Scripting (XSS) vulnerability was identified in FlatPress 1.3.1 within the "Add Entry" feature. This vulnerability allows authenticated attackers to inject malicious JavaScript payloads into blog posts, which are executed when other users view the posts. The issue arises due to improper input sanitization of the "TextArea" field in the blog entry submission form.
Detalhes CVE
Pontuacao CVSS v3.14.8
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosHIGH
Interacao do usuarioREQUIRED
Publicado2/24/2025
Ultima modificacao6/12/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
flatpress:flatpress
Fraquezas (CWE)
CWE-79
Referencias
https://github.com/RoNiXxCybSeC0101/CVE-2025-25460(cve@mitre.org)
https://github.com/flatpressblog/flatpress(cve@mitre.org)
https://github.com/RoNiXxCybSeC0101/CVE-2025-25460(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.