CVE-2025-25460: XSS
First published: Mon Feb 24 2025(Updated: )
A stored Cross-Site Scripting (XSS) vulnerability was identified in FlatPress 1.3.1 within the "Add Entry" feature. This vulnerability allows authenticated attackers to inject malicious JavaScript payloads into blog posts, which are executed when other users view the posts. The issue arises due to improper input sanitization of the "TextArea" field in the blog entry submission form.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| openMairie Openpresse |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-25460?
The severity of CVE-2025-25460 is classified as medium due to the potential for authenticated attackers to exploit stored XSS vulnerabilities.
How do I fix CVE-2025-25460?
To fix CVE-2025-25460, update FlatPress to the latest version that addresses this stored XSS vulnerability.
Who is affected by CVE-2025-25460?
CVE-2025-25460 affects users of FlatPress version 1.3.1 who utilize the 'Add Entry' feature.
What type of vulnerability is CVE-2025-25460?
CVE-2025-25460 is a stored Cross-Site Scripting (XSS) vulnerability.
What can attackers do with CVE-2025-25460?
Attackers can inject malicious JavaScript payloads into blog posts using CVE-2025-25460, which are executed in the browsers of users who view the posts.
- collector/nvd-api
- source/NVD
- agent/author
- agent/first-publish-date
- agent/severity
- agent/last-modified-date
- agent/type
- agent/references
- agent/description
- agent/event
- agent/source
- collector/epss-latest
- source/FIRST
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/epss
- agent/weakness
- agent/guess-ai
- agent/software-canonical-lookup
- vendor/flatpress
- canonical/openmairie openpresse