Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-41432 PoC — FlatPress 跨站脚本漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/flatpress-xss.yaml
Associated Vulnerability
Title:FlatPress 跨站脚本漏洞 (CVE-2021-41432)
Description:A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content.
Description
FlatPress 1.2.1 contains a stored cross-site scripting vulnerability that allows for arbitrary execution of JavaScript commands through blog content. An attacker can steal cookie-based authentication credentials and launch other attacks. Note: this is similar to CVE-2021-41432, however this attack uses the "page" parameter.
File Snapshot

 id: flatpress-xss

info:
  name: FlatPress 1.2.1 - Stored Cross-Site Scripting
  author: arafatansar

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →