[INC-2024-0161] CVE Coordination in Flatboard
user@0150a2cc Wednesday 11th December 2024, 12:48:31
Dear Flatboard team,
We are writing to you from INCIBE, the Spanish National Cybersecurity Institute, about 2 vulnerabilities reported by an external researcher in one of your products.
We participate in the CVE Program as CNA Root (https://www.cve.org/ProgramOrganization/Structure), which allows us to assign and publish CVE codes.
Please note that this report is not an incident, i.e. no one is exploiting the vulnerability. INCIBE is in charge of managing the CVE report, documentation and publication, in coordination with the affected parties.
As established in our disclosure policy, we have established by default a deadline of 60 days for you to take some kind of action for the resolution of these vulnerabilities, so we will start working on their publication from 11 February.
Since we cannot attach the vulnerabilities here, we ask you to write to us by mail at cve-coordination@incibe.es.
Thank you very much and best regards,
Replies 4
Hi, I just contacted you by email today.
Thank you for your feedback.
- Before asking a question, read the documentation.
- 🎉 Featured as #1 product of the day on Product Hunt
- Please like in alternativeto.net 👍🏻
- ╰☆╮Flatboard╰☆╮ is open source, and community contributions are essential to project success!
- <TextField>, my new CMS project designed by a passionate developer, for developers!
- My last project Fast⚡︎CMS, a Flat-File cms.
- I am currently busy 😫.
A new version of Flatboard is available, correcting the vulnerabilities described by INCIBE (Spanish National Cybersecurity Institute).
It is recommended to update your site to Flatboard 3.2.2.
Good morning!
We have just published the advisory associated with this case:
• multiple-stored-cross-site-scripting-xss-vulnerabilities-flatboard-pro
As you can see, we have included in the “solution” field that the vulnerability is fixed in version 3.2.2.
The CVE information on the MITRE website will be updated in the coming hours.
We would like to take this opportunity to thank you for your time and collaboration during the coordination process of this CVE.
Best regards,
INCIBE CNA Team