Typecho

by Typecho

CVEs (14)

  • CVE-2024-35540 (Aug 20, 2024)
    risk 0.04 · cvss · epss 0.09

    A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

  • CVE-2024-35539 (Aug 19, 2024)
    risk 0.03 · cvss · epss 0.03

    Typecho v1.3.0 was discovered to contain a race condition vulnerability in the post commenting function. This vulnerability allows attackers to post several comments before the spam protection checks if the comments are posted too frequently.

  • CVE-2023-36299 (Aug 3, 2023)
    risk 0.01 · cvss · epss 0.11

    A File Upload vulnerability in typecho v.1.2.1 allows a remote attacker to execute arbitrary code via the upload and options-general parameters in index.php.

  • CVE-2024-46494 (Apr 7, 2025)
    risk 0.00 · cvss · epss 0.01

    A cross-site scripting (XSS) vulnerability in Typecho v1.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into Name parameter under a comment for an Article.

  • CVE-2024-57369 (Jan 17, 2025)
    risk 0.00 · cvss · epss 0.00

    Clickjacking vulnerability in typecho v1.2.1.

  • CVE-2024-35538 (Aug 19, 2024)
    risk 0.00 · cvss · epss 0.01

    Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as value of X-Forwarded-For or Client-Ip headers while performing HTTP requests.

  • CVE-2023-49967 (Dec 7, 2023)
    risk 0.00 · cvss · epss 0.00

    Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the component /index.php/action/xmlrpc.

  • CVE-2020-21038 (May 8, 2023)
    risk 0.00 · cvss · epss 0.00

    Open redirect vulnerability in typecho 1.1-17.10.30-release via the referer parameter to Login.php.

  • CVE-2023-30184 (May 4, 2023)
    risk 0.00 · cvss · epss 0.00

    A stored cross-site scripting (XSS) vulnerability in Typecho v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter at /index.php/archives/1/comment.

  • CVE-2023-27130 (Mar 16, 2023)
    risk 0.00 · cvss · epss 0.00

    Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via an arbitrarily supplied URL parameter.

  • CVE-2023-27131 (Mar 16, 2023)
    risk 0.00 · cvss · epss 0.01

    Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via the Post Editor parameter.

  • CVE-2023-27711 (Mar 16, 2023)
    risk 0.00 · cvss · epss 0.00

    Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via the Comment Manager /admin/manage-comments.php component.

  • CVE-2023-24114 (Feb 22, 2023)
    risk 0.00 · cvss · epss 0.03

    typecho 1.1/17.10.30 was discovered to contain a remote code execution (RCE) vulnerability via install.php.

  • CVE-2018-18753 (Oct 28, 2018)
    risk 0.00 · cvss · epss 0.02

    Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF.