CVE-2024-33209

FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into the "Add New Entry" section, which allows them to execute arbitrary code in the context of a victim's web browser.
References
Link Resource
https://github.com/paragbagul111/CVE-2024-33209 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:flatpress:flatpress:1.3:*:*:*:*:*:*:*

History

16 Oct 2024, 13:33

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4
First Time Flatpress
Flatpress flatpress
References () https://github.com/paragbagul111/CVE-2024-33209 - () https://github.com/paragbagul111/CVE-2024-33209 - Exploit, Third Party Advisory
CWE CWE-79
CPE cpe:2.3:a:flatpress:flatpress:1.3:*:*:*:*:*:*:*

04 Oct 2024, 13:50

Type Values Removed Values Added
Summary
  • (es) FlatPress v1.3 es vulnerable a Cross Site Scripting (XSS). Un atacante puede inyectar código JavaScript malicioso en la sección "Agregar nueva entrada", lo que le permite ejecutar código arbitrario en el contexto del navegador web de la víctima.

02 Oct 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-02 16:15

Updated : 2024-10-16 13:33


NVD link : CVE-2024-33209

Mitre link : CVE-2024-33209

CVE.ORG link : CVE-2024-33209


JSON object : View

Products Affected

flatpress

  • flatpress
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')