Azetto

**Name of the Vulnerable Software and Affected Versions** FlatPress (affected versions not specified) **Description** A problematic vulnerability has been found in FlatPress, affecting an unknown part of the file `admin/panels/entry/admin.entry.list.php` of the component Admin Area. The manipulation leads to cross-site scripting and can be initiated remotely. **Recommendations** To fix this issue, it is recommended to apply a patch. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FlatPress (affected versions not specified) **Description** A problematic vulnerability was found in FlatPress, affecting the `onupload` function of the `admin/panels/uploader/admin.uploader.php` file in the XML File Handler/MD File Handler component. This leads to cross-site scripting and can be initiated remotely. **Recommendations** Apply a patch to fix this issue. The patch is identified by the name `3cc223dec5260e533a84b5cf5780d3a4fbf21241`. As a temporary workaround, consider disabling the `onupload` function in the `admin.uploader.php` file until the patch is applied.

**Name of the Vulnerable Software and Affected Versions** FlatPress (affected versions not specified) **Description** A problematic issue has been found in FlatPress, affecting some unknown processing of the file setup/lib/main.lib.php of the component Setup. The manipulation leads to cross site scripting. The attack may be initiated remotely. **Recommendations** To fix this issue, it is recommended to apply a patch. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FlatPress (affected versions not specified) **Description** A critical issue was found in FlatPress, affecting the function doItemActions of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component File Delete Handler. The manipulation of the `deletefile` argument leads to path traversal. **Recommendations** Apply a patch to fix this issue. As a temporary workaround, consider restricting access to the `doItemActions` function in the affected file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** FlatPress (affected versions not specified) **Description** A problematic issue was found in FlatPress, affecting the function `main` of the file `fp-plugins/mediamanager/panels/panel.mediamanager.file.php` of the Media Manager Plugin. The manipulation of the argument `mm-newgallery-name` leads to cross-site scripting. The attack may be initiated remotely. **Recommendations** To fix this issue, it is recommended to apply a patch. The name of the patch is `d3f329496536dc99f9707f2f295d571d65a496f5`. As a temporary workaround, consider disabling the `main` function in the `panel.mediamanager.file.php` file until a patch is available. Restrict access to the Media Manager Plugin to minimize the risk of exploitation. Avoid using the argument `mm-newgallery-name` in the affected plugin until the issue is resolved.