Stored XSS via title, subtitle, footer and post title and content in flatpressblog/flatpress
Valid
Reported on
Dec 26th 2022
Description
The site is vulnerable to Stored XSS via Blog title, Blog subtitle and Blog footer.
Proof of Concept
- Log in as Admin
- Go to Administration Area -> Option
- Set in each of the 3 fields a payload like this:
  <script>alert(document.domain)</script>

Now go to the blog, and you'll see that the 3 payloads actually fire:

Also the title and body content of the entry are vulnerable; I'll set it as a second occurrence.
Impact
JavaScript code can be executed on the user's end without any interaction.
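To make the root cause concrete, the following is an added example (not FlatPress's own code) that places the unsafe rendering pattern the report describes next to the output-encoding fix. It assumes a hypothetical $options array standing in for the admin-editable title, subtitle and footer settings; the helper and function names are likewise assumptions, not identifiers from the project.

```php
<?php
// Added example, not FlatPress code. Demonstrates why admin-controlled option
// values must be HTML-escaped at the point they are written into the page.
// $options is a hypothetical stand-in for the stored blog configuration.

declare(strict_types=1);

/** Escape a string for an HTML text node or a quoted attribute value. */
function h(string $s): string
{
    // ENT_QUOTES escapes both ' and " so the helper is also safe inside attributes,
    // ENT_SUBSTITUTE avoids returning '' on invalid UTF-8 (which would silently
    // blank the field), ENT_HTML5 selects the HTML5 entity table. Pass the charset
    // explicitly rather than relying on default_charset.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Vulnerable pattern: option values are concatenated into markup verbatim. */
function render_header_unsafe(array $options): string
{
    return '<h1 class="title">' . $options['title'] . '</h1>'
         . '<p class="subtitle">' . $options['subtitle'] . '</p>';
}

/** Fixed: every value goes through h() where it enters HTML text context. */
function render_header_safe(array $options): string
{
    return '<h1 class="title">' . h($options['title']) . '</h1>'
         . '<p class="subtitle">' . h($options['subtitle']) . '</p>';
}

/** Fixed, attribute context: the same helper suffices because of ENT_QUOTES. */
function render_footer_safe(array $options): string
{
    return '<footer title="' . h($options['footer']) . '">'
         . h($options['footer']) . '</footer>';
}

// Constructed sample values: the payload from the report stored in title and
// subtitle, plus a footer containing both quote characters to exercise the
// attribute-context escaping.
$options = [
    'title'    => '<script>alert(document.domain)</script>',
    'subtitle' => '<script>alert(document.domain)</script>',
    'footer'   => 'My "quoted" blog\'s footer',
];

// Unsafe rendering emits the stored <script> element as live markup, which is
// exactly the stored XSS the report demonstrates.
echo render_header_unsafe($options), PHP_EOL;

// Safe rendering turns '<', '>' and quotes into entities, so the browser shows
// the payload as literal text and the footer attribute cannot be broken out of.
echo render_header_safe($options), PHP_EOL;
echo render_footer_safe($options), PHP_EOL;
```

The rule the example encodes is that escaping belongs at the output sink, chosen for the context (text node vs. attribute), not at input time. For the second occurrence in the report, post titles can use the same helper; if the post body must legitimately carry markup, that is a job for an allowlist-based HTML sanitizer rather than htmlspecialchars, and a Content-Security-Policy without 'unsafe-inline' is a worthwhile defence-in-depth layer on top of either.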
Occurrences
- admin.config.php#L56 (validated)

Timeline
- Report received; the flatpressblog/flatpress team was contacted.
- leorac modified the report (twice).
- The fix bounty has been dropped; the researcher's credibility increased by +7.
- This vulnerability has been assigned a CVE.
- Scheduled to go public on Mar 1st 2023 (1st of March 2023).