PT-2025-12290 · Unknown · Flatpress Cms

Published 2025-03-20 · Updated 2025-03-21 · CVE-2024-9699

CVSS v3.1: 7.5 High

Vector: AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FlatPress CMS versions prior to 1.4.dev

Description

An issue in the file upload functionality of the admin panel allows an attacker to upload a file with a JavaScript payload disguised as a filename, potentially leading to a Cross-Site Scripting (XSS) attack if other users access the uploaded file.

Recommendations

For versions prior to 1.4.dev, update to version 1.4.dev to resolve the issue. As a temporary workaround, consider restricting access to the file upload functionality in the admin panel until the update is applied.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-9699

Affected Products

Flatpress Cms