POC详情: c22e5a54f9b5b6aeb76f83406bdcb9224510cd7f

来源
https://github.com/RoNiXxCybSeC0101/CVE-2025-25460
关联漏洞
标题: N/A (CVE-2025-25460)
描述:在FlatPress 1.3.1版本的“添加条目”功能中,发现了一个存储型跨站脚本(XSS)漏洞。该漏洞允许经过身份验证的攻击者将恶意的JavaScript载荷注入到博客文章中,当其他用户查看这些文章时,载荷会被执行。此问题是由博客条目提交表单中的“TextArea”字段输入过滤不当引起的。
描述
Cross Site Scripting Vulnerability in Flatpress CMS
介绍
# FlatPress CMS Stored XSS in v1.3.1  
**CVE-2025-25460**  
**Author:** Athul S  

## Description  
A stored Cross-Site Scripting (XSS) vulnerability was identified in **FlatPress 1.3.1** within the "Add Entry" feature. This vulnerability allows **authenticated attackers** to inject malicious JavaScript payloads into blog posts, which execute when other users view the posts. The issue arises due to **improper input sanitization** of the **"TextArea" field** in the blog entry submission form.

## Attack Vectors  
- An **authenticated attacker** can inject a malicious **JavaScript payload** into the blog post entry.  
- The payload executes when an **admin or another user** visits the affected blog entry.  
- This could lead to **session hijacking, phishing, or other client-side attacks**.

## Proof of Concept (PoC)  

### Steps to Reproduce:  
1. **Login as an Admin** in FlatPress v1.3.1.  
2. Navigate to the **"Add Entry"** section.  
3. Insert the following **XSS payload** in the text area:  

   ```html
   <script>alert('XSS Payload Triggered');</script>
   ```
4. Save the Entry and View the Post

The JavaScript payload will execute when the page loads, triggering an **XSS alert box**.  

   


![Screenshot 2025-02-21 094902](https://github.com/user-attachments/assets/2559bfba-8b4b-4a1c-b6b1-f11eb9637743)

![Screenshot 2025-02-21 094915](https://github.com/user-attachments/assets/557a86fa-0cfe-462e-938b-c762abfbdfe0)

![Screenshot 2025-02-21 095029](https://github.com/user-attachments/assets/f17be1ca-52b4-4dd8-af48-6d7eed0523fc)

![Screenshot 2025-02-21 095046](https://github.com/user-attachments/assets/1d10f62a-797b-461d-8efb-b28ca8fa04fe)

![Screenshot 2025-02-21 095059](https://github.com/user-attachments/assets/b98c25e7-15e7-4192-8968-ba718113d68c)


## Impact  
- **Code Execution:** ✅ *(JavaScript execution in the victim's browser)*  
- **Potential Exploits:**  
  - **Session Hijacking** (stealing admin cookies).  
  - **Phishing Attacks** (redirecting users to malicious sites).  
  - **Defacement** (injecting unwanted content into the page).  

## Affected Product  
- **Product:** FlatPress  
- **Version:** 1.3.1  
- **Component:** Add Entry Feature (TextArea Field)  

## Mitigation  
- **Sanitize user inputs** before rendering.  
- **Implement Content Security Policy (CSP)** to block inline scripts.  
- **Update to FlatPress 1.4-dev**, where the issue is patched.  

## Vendor Contact  
- Contacted via email:  
  - [hello@flatpress.org](mailto:hello@flatpress.org)  
  - [frank.pcn@gmail.com](mailto:frank.pcn@gmail.com)  
- Vendor **confirmed** the issue on **January 12, 2025**.  
- The vulnerability is being patched in the **FlatPress 1.4-dev branch**.  

## References  
- [FlatPress Official Website](https://www.flatpress.org/)  
- [FlatPress GitHub Repository](https://github.com/flatpressblog/flatpress)  

## Discoverer  
**Athul S**
文件快照

 [4.0K]  /data/pocs/c22e5a54f9b5b6aeb76f83406bdcb9224510cd7f
└── [2.8K]  README.md

0 directories, 1 file
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。