VYPR

Textpattern

by Textpattern

CVEs (34)

  • CVE-2021-28001 · Aug 19, 2021
    risk 0.00 · cvss · epss 0.01

    A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting…

  • CVE-2020-23239 · Jul 26, 2021
    risk 0.00 · cvss · epss 0.01

    Cross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature.

  • CVE-2020-19510 · Jun 21, 2021
    risk 0.00 · cvss · epss 0.01

    Textpattern 4.7.3 contains an arbitrary file load via the file_insert function in include/txp_file.php.

  • CVE-2021-30209 · Apr 15, 2021
    risk 0.00 · cvss · epss 0.01

    Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, which may lead to obtaining system permissions.

  • CVE-2020-35854 · Jan 25, 2021
    risk 0.00 · cvss · epss 0.01

    Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Body parameter.

  • CVE-2020-29458 · Dec 2, 2020
    risk 0.00 · cvss · epss 0.01

    Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem.

  • CVE-2015-8033 · Aug 14, 2020
    risk 0.00 · cvss · epss 0.01

    In Textpattern 4.5.7, the password-reset feature does not securely tether a hash to a user account.

  • CVE-2015-8032 · Aug 14, 2020
    risk 0.00 · cvss · epss 0.01

    In Textpattern 4.5.7, an unprivileged author can change an article's markup setting.

  • CVE-2014-4737 · Oct 10, 2014
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php.

  • CVE-2011-3807 · Sep 24, 2011
    risk 0.00 · cvss · epss 0.01

    Textpattern 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/txplib_db.php and certain other files.

  • CVE-2008-5757 · Dec 30, 2008
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in textarea/index.php in Textpattern (aka Txp CMS) 4.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Body parameter in an article action. NOTE: some of these details are obtained from…

  • CVE-2008-5670 · Dec 19, 2008
    risk 0.00 · cvss · epss 0.01

    Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password during a password reset, which makes it easier for remote attackers to change a password after hijacking a session.

  • CVE-2008-5669 · Dec 19, 2008
    risk 0.00 · cvss · epss 0.02

    index.php in the comments preview section in Textpattern (aka Txp CMS) 4.0.5 allows remote attackers to cause a denial of service via a long message parameter.

  • CVE-2008-5668 · Dec 19, 2008
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Textpattern (aka Txp CMS) 4.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to setup/index.php or (2) the name parameter to index.php in the comments preview section.
