Vendor Homepage: https://www.flatpress.org/
Software Link: https://www.flatpress.org/download
Stored Cross-site scripting(XSS): Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application.
Vulnerable Parameters: Admin Page and Blog Content.
Steps-To-Reproduce:
- Go to the FlatPress admin page.
- Now go to the Entries - Write Entry.
- Now enter any subject.
- Put the below payload in Content: "<script>alert(document.cookie)</script>"
- Now click on Save&Continue button.
- The XSS will be triggered.
