PT-2025-27792 · Unknown · Flatboard Pro

Rafael Pedrero · Published 2025-07-03 · Updated 2025-07-03 · CVE-2025-40723

CVSS v4.0: 5.1 (Medium)

Vector: AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions: Flatboard Pro versions prior to 3.2.2
Description: A stored cross-site scripting (XSS) vulnerability caused by the lack of proper validation of user input. It is reachable through the footer text and announcement parameters in config.php.
Recommendations: Update to version 3.2.2 or later to resolve the issue. As a temporary workaround on versions prior to 3.2.2, consider restricting access to the config.php file to minimize the risk of exploitation, and avoid using the footer text and announcement parameters in config.php until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2025-40723

Affected Products: Flatboard Pro