FKIE_CVE-2024-4023

Vulnerability from fkie_nvd - Published: 2025-03-20 10:15 - Updated: 2025-06-23 20:46
Severity ?
8.1 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Summary
A stored cross-site scripting (XSS) vulnerability exists in flatpressblog/flatpress version 1.3. When a user uploads a file with a `.xsig` extension and directly accesses this file, the server responds with a Content-type of application/octet-stream, leading to the file being processed as an HTML file. This allows an attacker to execute arbitrary JavaScript code, which can be used to steal user cookies, perform HTTP requests, and access content of the same origin.
References
security@huntr.devhttps://github.com/flatpressblog/flatpress/commit/3c9cc69364a45fd3f92d4bd606344b5dd1205d6aPatch
security@huntr.devhttps://huntr.com/bounties/ed803c13-0858-4c22-93ba-bf2384ab1e9dExploit, Third Party Advisory
Impacted products
Vendor Product Version
flatpress flatpress 1.3
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:flatpress:flatpress:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD15C4E9-8A2B-4104-AF8A-FFB196940AAF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A stored cross-site scripting (XSS) vulnerability exists in flatpressblog/flatpress version 1.3. When a user uploads a file with a `.xsig` extension and directly accesses this file, the server responds with a Content-type of application/octet-stream, leading to the file being processed as an HTML file. This allows an attacker to execute arbitrary JavaScript code, which can be used to steal user cookies, perform HTTP requests, and access content of the same origin."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en flatpressblog/flatpress versi\u00f3n 1.3. Cuando un usuario sube un archivo con la extensi\u00f3n `.xsig` y accede directamente a \u00e9l, el servidor responde con un tipo de contenido de application/octet-stream, lo que hace que el archivo se procese como un archivo HTML. Esto permite a un atacante ejecutar c\u00f3digo JavaScript arbitrario, que puede utilizarse para robar cookies de usuario, realizar solicitudes HTTP y acceder a contenido del mismo origen."
    }
  ],
  "id": "CVE-2024-4023",
  "lastModified": "2025-06-23T20:46:33.523",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "security@huntr.dev",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-03-20T10:15:32.473",
  "references": [
    {
      "source": "security@huntr.dev",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/flatpressblog/flatpress/commit/3c9cc69364a45fd3f92d4bd606344b5dd1205d6a"
    },
    {
      "source": "security@huntr.dev",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://huntr.com/bounties/ed803c13-0858-4c22-93ba-bf2384ab1e9d"
    }
  ],
  "sourceIdentifier": "security@huntr.dev",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security@huntr.dev",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.