CVE-2025-25460

Source: https://nvd.nist.gov/vuln/detail/CVE-2025-25460
Import Source: https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-25460.json
JSON Data: https://api.osv.dev/v1/vulns/CVE-2025-25460
Published: 2025-02-24T16:15:14Z
Modified: 2025-06-13T18:00:29.016486Z
Summary: [none]
Details

A stored Cross-Site Scripting (XSS) vulnerability was identified in FlatPress 1.3.1 within the "Add Entry" feature. This vulnerability allows authenticated attackers to inject malicious JavaScript payloads into blog posts, which are executed when other users view the posts. The issue arises due to improper input sanitization of the "TextArea" field in the blog entry submission form.

References

Affected packages

Git / github.com/flatpressblog/flatpress

Affected ranges

Type: GIT
Repo: https://github.com/flatpressblog/flatpress
Events
Introduced: 0 (unknown introduced commit; all previous commits are affected)
Last affected

Affected versions

1.*

1.1
1.2
1.2.1
1.2.beta1
1.2.beta2
1.3
1.3.1
1.3.beta1
1.3.rc1

v1.*

v1.0.1
v1.0.2
v1.0.3
v1.0.3.php7