CVE-2025-44108

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-44108

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-44108.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-44108

Published

2025-05-19T14:15:24Z

Modified

2025-06-12T21:58:54.923939Z

Summary

[none]

Details

A stored Cross-Site Scripting (XSS) vulnerability exists in the administration panel of Flatpress CMS before 1.4 via the gallery captions component. An attacker with admin privileges can inject a malicious JavaScript payload into the system, which is then stored persistently.

References

Affected packages

Git / github.com/flatpressblog/flatpress

Affected ranges

Type: GIT
Repo: https://github.com/flatpressblog/flatpress
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

24a6feacf1747ec19725b52c097715c8ab9c4559

Fixed

533d1c918a77fa2b57f561f9e0680b30c7dcf5b6

Fixed

e3525112643d83f1d96b87f5d209bd9de8d78330

Affected versions

1.*

1.1

1.2

1.2.1

1.2.beta1

1.2.beta2

1.3

1.3.1

1.3.beta1

1.3.rc1

1.4.rc1

v1.*

v1.0.1

v1.0.2

v1.0.3

v1.0.3.php7