Cross-site scripting (XSS) vulnerability in FlatPress 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter to the default URI.

References

• https://nvd.nist.gov/vuln/detail/CVE-2014-100036
• https://github.com/evacchi/flatpress/issues/14
• https://exchange.xforce.ibmcloud.com/vulnerabilities/92538
• https://www.netsparker.com/critical-xss-vulnerabilities-in-flatpress/
• http://secunia.com/advisories/57808