Flatpress v1.2.1 exists to contain a reflected cross-site scripting (XSS) vulnerability via the page parameter at /flatpress/admin.php.
flatpress flatpress 1.2.1