HIGH
FlatPress
CVE published 2026-06-23
CVE-2026-56785
CVE-2026-56785 is a stored cross-site scripting vulnerability in FlatPress, a content management system. The vulnerability exists in the comment and contact forms, where the name, URL, and email fields are rendered without proper output encoding in Smarty templates. This allows attackers to inject arbitrary HTML and JavaScript, which can be executed in the browsers of viewers, including administrators. Th [truncated]
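The missing output encoding described above, as an added PHP example that is not FlatPress code: the helper names, array keys and sample comment are hypothetical and constructed for illustration. It puts the unsafe rendering pattern beside a hardened one that encodes the name, URL and email on output and also restricts the URL scheme, since HTML encoding alone does not make a link target safe.

```php
<?php
// Added example: hypothetical helper names and field keys, not FlatPress code.
// In a Smarty template the per-variable equivalent of h() is {$var|escape:'html'}.

// Encode a value for an HTML text node or a quoted attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Encoding does not neutralise a script-scheme link, so allow only http(s).
function safe_url(string $url): ?string
{
    $url = trim($url);
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return null;
    }
    return $url;
}

// Unsafe pattern: stored fields concatenated into markup as-is.
function render_author_unsafe(array $c): string
{
    return '<a href="' . $c['url'] . '">' . $c['name'] . '</a> (' . $c['email'] . ')';
}

// Hardened pattern: validate the URL scheme, then encode every field on output.
function render_author(array $c): string
{
    $name = h($c['name'] ?? '');
    $email = h($c['email'] ?? '');
    $url = safe_url($c['url'] ?? '');
    $label = $url === null ? $name : '<a href="' . h($url) . '" rel="nofollow noopener">' . $name . '</a>';
    return $label . ' (' . $email . ')';
}

// Constructed sample comment, as it might sit in storage after submission.
$comment = [
    'name'  => '<script>alert(1)</script>',
    'url'   => 'javascript:alert(1)',
    'email' => 'a@example.com"><b>x</b>',
];

echo render_author_unsafe($comment), PHP_EOL; // markup reaches the page intact
echo render_author($comment), PHP_EOL;        // fields arrive as inert text, link dropped
```

Encoding at output time covers comments that were stored before a fix as well as new submissions, which input filtering alone would not.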