PACKETSTORM

FlatPress 1.0.2 Cross Site Scripting (PACKETSTORM:214749)

Description

Cross site scripting vulnerabilities exist in FlatPress version 1.0.2. FlatPress is a blogging engine that saves posts as simple text files. This issue is older research added to the archive...

Basic Information

ID: PACKETSTORM:214749
Published: Feb 2, 2026 at 00:00

Affected Product

Affected Versions: FlatPress 1.0.2 - Cross-site Scripting
Advisory ID: RO-14-011
Severity: Critical
Vendor: FlatPress
Product: FlatPress
Version: 1.0.2


Overview

Cross-site Scripting (XSS) vulnerabilities exist in FlatPress version 1.0.2. FlatPress is a blogging engine that saves posts as simple text files.


Vulnerability Details

Affected Versions: 1.0.2 and earlier

Root Cause: Insufficient input validation in the content parameter allows XSS attacks.

Technical Details

POST /?x=entry:entry131123-000300 HTTP/1.1

content=</textarea><script>alert(9)</script>
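
The request above works because the payload's leading closing tag ends the textarea the value is written into, so the rest is parsed as markup. The Python model below is an added example, not FlatPress code (FlatPress is PHP): it renders the same payload with and without output encoding and parses the result to see whether a script element is created. The function names and the form markup are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Payload quoted in the advisory's request body.
PAYLOAD = "</textarea><script>alert(9)</script>"

def render_unsafe(content):
    """Models the flaw: stored content is echoed into the form verbatim."""
    return '<form><textarea name="content">' + content + "</textarea></form>"

def render_safe(content):
    """Output-encodes the content for the HTML text context it lands in."""
    return ('<form><textarea name="content">'
            + escape(content, quote=True) + "</textarea></form>")

class EditorAudit(HTMLParser):
    """Records every tag the markup opens and the text inside <textarea>."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.in_textarea = False
        self.textarea_text = ""

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "textarea":
            self.in_textarea = True

    def handle_endtag(self, tag):
        if tag == "textarea":
            self.in_textarea = False

    def handle_data(self, data):
        if self.in_textarea:
            self.textarea_text += data

def audit(markup):
    """Returns (list of opened tags, decoded text shown in the textarea)."""
    parser = EditorAudit()
    parser.feed(markup)
    parser.close()
    return parser.tags, parser.textarea_text

if __name__ == "__main__":
    for render in (render_unsafe, render_safe):
        tags, text = audit(render(PAYLOAD))
        print(render.__name__, "opens <script>:", "script" in tags,
              "| textarea shows:", repr(text))
```

With encoding applied, the author still sees the original characters in the editor, but the parser never leaves the textarea. The audit function can serve as a regression check on rendered pages.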



Exploitation Requirements

Authentication may be required
Victim must view the malicious content

Impact

Remote attackers can exploit these vulnerabilities to:

Steal user session cookies
Perform actions on behalf of users
Persistently inject malicious content



Solution

Update to a patched version. See GitHub Issue #14.


References

Invicti Advisory NS-14-015

Timeline:

[2014-03-04] - First Contact
[2014-03-05] - Vendor Fixed
[2014-04-08] - Advisory Released

Credits: Omar Kurt
