Textpattern
by Textpattern
CVEs (34)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-28001 | | | 0.00 | — | 0.01 | | Aug 19, 2021 | A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting… |
| CVE-2020-23239 | | | 0.00 | — | 0.01 | | Jul 26, 2021 | Cross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature. |
| CVE-2020-19510 | | | 0.00 | — | 0.01 | | Jun 21, 2021 | Textpattern 4.7.3 contains an arbitrary file load via the file_insert function in include/txp_file.php. |
| CVE-2021-30209 | | | 0.00 | — | 0.01 | | Apr 15, 2021 | Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, which may lead to obtaining system permissions. |
| CVE-2020-35854 | | | 0.00 | — | 0.01 | | Jan 25, 2021 | Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Body parameter. |
| CVE-2020-29458 | | | 0.00 | — | 0.01 | | Dec 2, 2020 | Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem. |
| CVE-2015-8033 | | | 0.00 | — | 0.01 | | Aug 14, 2020 | In Textpattern 4.5.7, the password-reset feature does not securely tether a hash to a user account. |
| CVE-2015-8032 | | | 0.00 | — | 0.01 | | Aug 14, 2020 | In Textpattern 4.5.7, an unprivileged author can change an article's markup setting. |
| CVE-2014-4737 | | | 0.00 | — | 0.02 | | Oct 10, 2014 | Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php. |
| CVE-2011-3807 | | | 0.00 | — | 0.01 | | Sep 24, 2011 | Textpattern 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/txplib_db.php and certain other files. |
| CVE-2008-5757 | | | 0.00 | — | 0.01 | | Dec 30, 2008 | Cross-site scripting (XSS) vulnerability in textarea/index.php in Textpattern (aka Txp CMS) 4.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Body parameter in an article action. NOTE: some of these details are obtained from… |
| CVE-2008-5670 | | | 0.00 | — | 0.01 | | Dec 19, 2008 | Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password during a password reset, which makes it easier for remote attackers to change a password after hijacking a session. |
| CVE-2008-5669 | | | 0.00 | — | 0.02 | | Dec 19, 2008 | index.php in the comments preview section in Textpattern (aka Txp CMS) 4.0.5 allows remote attackers to cause a denial of service via a long message parameter. |
| CVE-2008-5668 | | | 0.00 | — | 0.01 | | Dec 19, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Textpattern (aka Txp CMS) 4.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to setup/index.php or (2) the name parameter to index.php in the comments preview section. |
Page 2 of 2