Stored XSS through post comment body in flatpressblog/flatpress
Valid
Reported on
Jan 1st 2023
Description
The body of the comment is vulnerable to Stored XSS
Proof of Concept
- Create a post
- Comment on it, and insert
<script>alert(document.domain)</script>in the body


Impact
JavaScript code can be executed on the user end without any interaction.
We are processing your report and will contact the
flatpressblog/flatpress
team within 24 hours.
4 months ago
We have contacted a member of the
flatpressblog/flatpress
team and are waiting to hear back
4 months ago
The researcher's credibility has increased: +7
The fix bounty has been dropped
This vulnerability has been assigned a CVE
This vulnerability is scheduled to go public on
Mar 1st 2023
to join this conversation