CVE-2025-44108 | THREATINT

Description

A stored Cross-Site Scripting (XSS) vulnerability exists in the administration panel of Flatpress CMS before 1.4 via the gallery captions component. An attacker with admin privileges can inject a malicious JavaScript payload into the system, which is then stored persistently.

PUBLISHED Reserved 2025-04-22 | Published 2025-05-19 | Updated 2025-05-19 | Assigner mitre

References

harish0x.github.io/blog/CVE-2025-44108 exploit

github.com/flatpressblog/flatpress/releases/tag/1.3.1

github.com/flatpressblog/flatpress/releases/tag/1.4.rc2

github.com/...ommit/24a6feacf1747ec19725b52c097715c8ab9c4559

harish0x.github.io/blog/CVE-2025-44108

cve.org (CVE-2025-44108)

nvd.nist.gov (CVE-2025-44108)

Download JSON