FlatPress Cross-Site Scripting Vulnerability in Administration Area

A stored cross-site scripting vulnerability has been identified in FlatPress CMS version 1.3.1. This issue resides in the administration panel, specifically within the category management feature. An attacker with admin privileges can inject malicious JavaScript, which is then persistently stored. When a regular user accesses the affected page, the injected script executes automatically in their browser. This vulnerability could be exploited to steal session cookies, conduct phishing attacks, or redirect users to malicious websites.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the affected page.

Reproduction

To reproduce this vulnerability, download FlatPress CMS version 1.3.1 and upload it to a web server. Then, navigate to the administration panel and go to the category management section. In the edit categories field, insert a JavaScript payload, such as one that triggers an alert. Once the payload is saved, it will execute automatically when the compromised page is visited.

Remediation

Users can upgrade to FlatPress version 1.4 'Notturno' to address this vulnerability.