Back to CVE List

CVE-2026-56785

HIGH SEVERITY

CVSS Score & Metrics

Base Score
8.2 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

Vulnerability Description

FlatPress versions prior to commit 10be83c, contains a stored cross-site scripting vulnerability in comment and contact forms where name, URL, and email fields are rendered without proper output encoding in Smarty templates. Attackers can inject arbitrary HTML and JavaScript through these fields to execute malicious scripts in browsers of viewers including administrators, or bypass URL scheme validation to inject javascript: or data: URIs.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-79
Source
NVD
Vendor
FlatPress
Product
FlatPress

External References

Discussion (0)

Add Comment

No comments yet. Be the first!