CVE-2020-35241: XSS
First published: Wed Dec 30 2020(Updated: )
FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in Blog content via the admin panel. Each time any user will go to that blog page, the XSS triggers and the attacker can steal the cookie according to the crafted payload.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| openMairie Openpresse | =1.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-35241?
CVE-2020-35241 has been classified as a medium severity vulnerability.
How do I fix CVE-2020-35241?
To fix CVE-2020-35241, upgrade FlatPress to the latest version that addresses this cross-site scripting vulnerability.
Who is affected by CVE-2020-35241?
Users of FlatPress version 1.0.3 are affected by CVE-2020-35241.
What type of vulnerability is CVE-2020-35241?
CVE-2020-35241 is a cross-site scripting (XSS) vulnerability.
Can CVE-2020-35241 allow cookie theft?
Yes, CVE-2020-35241 can allow an attacker to steal cookies through the XSS payload.
- agent/type
- agent/severity
- agent/first-publish-date
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/references
- agent/source
- agent/event
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/flatpress
- canonical/openmairie openpresse
- version/openmairie openpresse/1.0.3