Typecho
Recent CVEs
| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2024-35540 | 0.04 | — | 0.09 | Aug 20, 2024 | A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2024-35539 | 0.03 | — | 0.03 | Aug 19, 2024 | Typecho v1.3.0 was discovered to contain a race condition vulnerability in the post commenting function. This vulnerability allows attackers to post several comments before the spam protection checks if the comments are posted too frequently. |
| CVE-2023-36299 | 0.01 | — | 0.11 | Aug 3, 2023 | A File Upload vulnerability in typecho v.1.2.1 allows a remote attacker to execute arbitrary code via the upload and options-general parameters in index.php. |
| CVE-2024-46494 | 0.00 | — | 0.01 | Apr 7, 2025 | A cross-site scripting (XSS) vulnerability in Typecho v1.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into Name parameter under a comment for an Article. |
| CVE-2024-57369 | 0.00 | — | 0.00 | Jan 17, 2025 | Clickjacking vulnerability in typecho v1.2.1. |
| CVE-2024-35538 | 0.00 | — | 0.01 | Aug 19, 2024 | Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as value of X-Forwarded-For or Client-Ip headers while performing HTTP requests. |
| CVE-2023-49967 | 0.00 | — | 0.00 | Dec 7, 2023 | Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the component /index.php/action/xmlrpc. |
| CVE-2020-21038 | 0.00 | — | 0.00 | May 8, 2023 | Open redirect vulnerability in typecho 1.1-17.10.30-release via the referer parameter to Login.php. |
| CVE-2023-30184 | 0.00 | — | 0.00 | May 4, 2023 | A stored cross-site scripting (XSS) vulnerability in Typecho v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter at /index.php/archives/1/comment. |
| CVE-2023-27130 | 0.00 | — | 0.00 | Mar 16, 2023 | Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via an arbitrarily supplied URL parameter. |
| CVE-2023-27131 | 0.00 | — | 0.01 | Mar 16, 2023 | Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via the Post Editor parameter. |
| CVE-2023-27711 | 0.00 | — | 0.00 | Mar 16, 2023 | Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via the Comment Manager /admin/manage-comments.php component. |
| CVE-2023-24114 | 0.00 | — | 0.03 | Feb 22, 2023 | typecho 1.1/17.10.30 was discovered to contain a remote code execution (RCE) vulnerability via install.php. |
| CVE-2018-18753 | 0.00 | — | 0.02 | Oct 28, 2018 | Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF. |