CVE Details
Basic Information
| Title |
CVE-2025-44108 |
| Type |
cve |
| Published |
2025-05-19T14:15:24 |
| Last Seen |
2025-05-19T14:28:22 |
CVSS Information
| Base Score |
0.0 () |
| Attack Vector |
|
| Attack Complexity |
|
| Privileges Required |
|
| User Interaction |
|
| Scope |
|
| Confidentiality Impact |
|
| Integrity Impact |
|
| Availability Impact |
|
AI Analysis
| AI Description |
A stored Cross-Site Scripting (XSS) vulnerability in Flatpress CMS before version 1.4 allows attackers with admin privileges to inject malicious JavaScript via the gallery captions component, which is then stored persistently. |
| AI Severity |
High |
| Vendor |
Flatpress Community |
| Product |
Flatpress CMS |
| Affected Version |
before 1.4 |
Additional Information
| CVE List |
CVE-2025-44108 |
| CWE List |
|
| Bulletin Family |
cve |
Description
A stored Cross-Site Scripting (XSS) vulnerability exists in the administration panel of Flatpress CMS before 1.4 via the gallery captions component. An attacker with admin privileges can inject a malicious JavaScript payload into the system, which is then stored persistently.
CVSS Score Summary
Base Score: %!f(string=#) ()
View Full CVE Details
