flatpressblog flatpress
cpe:2.3:a:flatpress:flatpress:*:*:*:*:*:*:*
- 1.3
A stored cross-site scripting vulnerability has been identified in FlatPress version 1.3. This issue arises when a user uploads a file with a .xsig extension. The server responds to requests for these files with a Content-Type of application/octet-stream, causing the files to be interpreted as HTML. This misinterpretation allows an attacker to execute arbitrary JavaScript, potentially leading to cookie theft, unauthorized HTTP requests, and access to content from the same origin.
Exploitation of this vulnerability allows for the execution of arbitrary JavaScript, which can be used to steal cookies, make unauthorized HTTP requests, and access content from the same origin.
To reproduce this vulnerability, upload a file with the .xsig extension through the FlatPress uploader. The uploaded file should contain malicious JavaScript, such as a script tag including a link to an external resource or a payload that steals cookies. After uploading, access the file directly, which will trigger the execution of the embedded JavaScript.
Users can update to FlatPress version 1.3 'Andante', where this vulnerability has been fixed.
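A defender-side check for the condition described above, as an added example that is not FlatPress code: it applies an extension allowlist to an upload name and audits the response headers the upload directory returns. The allowlist, the set of inert types and both sample header sets are assumptions constructed for illustration.

```python
import os

# Assumption: extensions this deployment intends to accept; adjust per site.
ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif", ".txt", ".pdf"}
# Types that are not script-capable once content sniffing is disabled.
INERT_TYPES = {"image/png", "image/jpeg", "image/gif", "text/plain"}


def extension_allowed(filename):
    """Allowlist on the final extension, case-insensitive ('.xsig' is rejected)."""
    return os.path.splitext(filename)[1].lower() in ALLOWED_EXTENSIONS


def serving_findings(headers):
    """Return reasons an uploaded file's response could be rendered as active content."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    ctype = h.get("content-type", "").split(";")[0].strip().lower()
    nosniff = h.get("x-content-type-options", "").lower() == "nosniff"
    attachment = h.get("content-disposition", "").lower().startswith("attachment")

    findings = []
    if not nosniff:
        findings.append("missing X-Content-Type-Options: nosniff")
    if not attachment and ctype not in INERT_TYPES:
        findings.append(f"inline response with non-inert type {ctype or '(none)'}")
    return findings


def audit(filename, headers):
    """Combine the upload-time check and the serve-time check for one file."""
    findings = serving_findings(headers)
    if not extension_allowed(filename):
        findings.insert(0, f"extension not on allowlist: {filename}")
    return findings


# Constructed sample responses (not captured from a real FlatPress install).
AS_DESCRIBED = {"Content-Type": "application/octet-stream"}
HARDENED = {
    "Content-Type": "application/octet-stream",
    "X-Content-Type-Options": "nosniff",
    "Content-Disposition": 'attachment; filename="upload.xsig"',
}

if __name__ == "__main__":
    for label, hdrs in (("as described", AS_DESCRIBED), ("hardened", HARDENED)):
        print(label, audit("upload.xsig", hdrs))
```

The serve-time check is worth keeping even with an allowlist in place, since files uploaded before the allowlist existed are still on disk.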