FlatPress Cross-Site Scripting Vulnerability Network Vulnerability

Summary

This host is running FlatPress and is prone to cross site scripting vulnerability.

Impact

Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected website. Impact Level: Application.

Solution

Upgrade FlatPress 0.1010.2 or later, For updates refer to http://flatpress.org/home/

Insight

The flaw is due to input passed to 'name', 'email' and 'url' POST parameters in index.php are not properly sanitised before returning to the user.

Affected

FlatPress version 0.1010.1 and prior

References

http://packetstormsecurity.org/files/view/102807/flatpress010101-xss.txt

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

AdaptCMS 'init.php' Remote File Include Vulnerability
Apache Tomcat Directory Listing and File disclosure
AbanteCart Multiple Cross-Site Scripting Vulnerabilities
7Media Web Solutions EduTrac Directory Traversal Vulnerability
AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities

Take action and discover your vulnerabilities