CVE-2025-44108

Published: May 19, 2025

Modified: May 19, 2025

PUBLISHED

Description

A stored Cross-Site Scripting (XSS) vulnerability exists in the administration panel of Flatpress CMS before 1.4 via the gallery captions component. An attacker with admin privileges can inject a malicious JavaScript payload into the system, which is then stored persistently.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/flatpressblog/flatpress/releases/tag/1.3.1

https://github.com/flatpressblog/flatpress/releases/tag/1.4.rc2

https://github.com/flatpressblog/flatpress/commit/24a6feacf1747ec19725b52c097715c8ab9c4559

https://harish0x.github.io/blog/CVE-2025-44108

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-44108

Description

Affected Products

References