CVE-2024-33209

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-33209

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-33209.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-33209

Published

2024-10-02T16:15:10.300Z

Modified

2025-11-20T12:26:29.193911Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into the "Add New Entry" section, which allows them to execute arbitrary code in the context of a victim's web browser.

References

https://github.com/paragbagul111/CVE-2024-33209

Affected packages

Git / github.com/flatpressblog/flatpress

Affected ranges

Type: GIT
Repo: https://github.com/flatpressblog/flatpress
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

32771f9457f48d768747d41f7fffdcc66718465e

Affected versions

1.*

1.1

1.2

1.2.1

1.2.beta1

1.2.beta2

1.3

1.3.beta1

1.3.rc1

v1.*

v1.0.1

v1.0.2

v1.0.3

v1.0.3.php7

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-33209.json"