PT-2025-27791 · Unknown · Flatboard Pro
Rafael Pedrero
·
Published
2025-07-03
·
Updated
2025-07-03
·
CVE-2025-40722
CVSS v4.0
5.1
Medium
| Vector | AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
Name of the Vulnerable Software and Affected Versions:
Flatboard Pro versions prior to 3.2.2
Description:
The issue is a Stored Cross-Site Scripting (XSS) vulnerability due to the lack of proper validation of user input. This occurs through the
replace parameter in the "/config.php/tags" endpoint.Recommendations:
For versions prior to 3.2.2, update to version 3.2.2 or later to resolve the issue.
As a temporary workaround, consider restricting access to the "/config.php/tags" endpoint to minimize the risk of exploitation.
Avoid using the
replace parameter in the affected endpoint until the issue is resolved.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Flatboard Pro