Unrated severityNVD Advisory· Published Oct 10, 2014· Updated Jun 17, 2026
CVE-2014-4737
CVE-2014-4737
Description
Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7cpe:2.3:a:textpattern:textpattern:*:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:textpattern:textpattern:*:*:*:*:*:*:*:*range: <=4.5.5
- cpe:2.3:a:textpattern:textpattern:4.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:textpattern:textpattern:4.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:textpattern:textpattern:4.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:textpattern:textpattern:4.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:textpattern:textpattern:4.5.4:*:*:*:*:*:*:*
- (no CPE)range: <4.5.7
Patches
Vulnerability mechanics
References
5- packetstormsecurity.com/files/128519/Textpattern-4.5.5-Cross-Site-Scripting.htmlnvdExploit
- textpattern.com/weblog/379/textpattern-cms-457-released-ten-years-onnvdExploitPatchVendor Advisory
- www.htbridge.com/advisory/HTB23223nvdExploit
- www.securityfocus.com/archive/1/533596/100/0/threadednvd
- exchange.xforce.ibmcloud.com/vulnerabilities/96802nvd
News mentions
0No linked articles in our index yet.