Typecho
Products
1- 18 CVEs
Recent CVEs
18| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-24114 | Cri | 0.64 | 9.8 | 0.01 | Feb 22, 2023 | typecho 1.1/17.10.30 was discovered to contain a remote code execution (RCE) vulnerability via install.php. | ||
| CVE-2018-18753 | Cri | 0.64 | 9.8 | 0.03 | Oct 29, 2018 | Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF. | ||
| CVE-2024-35540 | Cri | 0.62 | 9.0 | 0.03 | Aug 20, 2024 | A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||
| CVE-2023-36299 | Hig | 0.57 | 8.8 | 0.01 | Aug 3, 2023 | A File Upload vulnerability in typecho v.1.2.1 allows a remote attacker to execute arbitrary code via the upload and options-general parameters in index.php. | ||
| CVE-2023-49967 | Hig | 0.49 | 7.5 | 0.01 | Dec 7, 2023 | Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the component /index.php/action/xmlrpc. | ||
| CVE-2024-35539 | Med | 0.45 | 6.5 | 0.01 | Aug 19, 2024 | Typecho v1.3.0 was discovered to contain a race condition vulnerability in the post commenting function. This vulnerability allows attackers to post several comments before the spam protection checks if the comments are posted too frequently. | ||
| CVE-2024-57369 | Med | 0.42 | 6.4 | 0.00 | Jan 17, 2025 | Clickjacking vulnerability in typecho v1.2.1. | ||
| CVE-2020-21038 | Med | 0.40 | 6.1 | 0.00 | May 8, 2023 | Open redirect vulnerability in typecho 1.1-17.10.30-release via the referer parameter to Login.php. | ||
| CVE-2024-46494 | Med | 0.35 | 5.4 | 0.00 | Apr 7, 2025 | A cross-site scripting (XSS) vulnerability in Typecho v1.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into Name parameter under a comment for an Article. | ||
| CVE-2023-30184 | Med | 0.35 | 5.4 | 0.00 | May 4, 2023 | A stored cross-site scripting (XSS) vulnerability in Typecho v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter at /index.php/archives/1/comment. | ||
| CVE-2017-16230 | Med | 0.35 | 5.4 | 0.01 | Oct 30, 2017 | In admin/write-post.php in Typecho through 1.1, one can log in to the background page, write a new article, and add payload in the article content, resulting in XSS via index.php/action/contents-post-edit. | ||
| CVE-2024-35538 | Med | 0.34 | 5.3 | 0.01 | Aug 19, 2024 | Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as value of X-Forwarded-For or Client-Ip headers while performing HTTP requests. | ||
| CVE-2023-27711 | Med | 0.31 | 4.8 | 0.01 | Mar 16, 2023 | Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via the Comment Manager /admin/manage-comments.php component. | ||
| CVE-2023-27131 | Med | 0.31 | 4.8 | 0.01 | Mar 16, 2023 | Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code viathe Post Editorparameter. | ||
| CVE-2023-6615 | Low | 0.23 | 3.5 | 0.01 | Dec 8, 2023 | A vulnerability, which was classified as problematic, has been found in Typecho 1.2.1. Affected by this issue is some unknown functionality of the file /admin/manage-users.php. The manipulation of the argument page leads to information disclosure. The exploit has been disclosed… | ||
| CVE-2023-6614 | Low | 0.18 | 2.7 | 0.01 | Dec 8, 2023 | A vulnerability classified as problematic was found in Typecho 1.2.1. Affected by this vulnerability is an unknown functionality of the file /admin/manage-pages.php of the component Page Handler. The manipulation leads to backdoor. The attack can be launched remotely. The… | ||
| CVE-2023-6613 | Low | 0.16 | 2.4 | 0.01 | Dec 8, 2023 | A vulnerability classified as problematic has been found in Typecho 1.2.1. Affected is an unknown function of the file /admin/options-theme.php of the component Logo Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The… | ||
| CVE-2023-27130 | Med | 0.00 | 4.8 | 0.01 | Mar 16, 2023 | Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via an arbitrarily supplied URL parameter. |
- risk 0.64cvss 9.8epss 0.01
typecho 1.1/17.10.30 was discovered to contain a remote code execution (RCE) vulnerability via install.php.
- risk 0.64cvss 9.8epss 0.03
Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF.
- risk 0.62cvss 9.0epss 0.03
A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
- risk 0.57cvss 8.8epss 0.01
A File Upload vulnerability in typecho v.1.2.1 allows a remote attacker to execute arbitrary code via the upload and options-general parameters in index.php.
- risk 0.49cvss 7.5epss 0.01
Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the component /index.php/action/xmlrpc.
- risk 0.45cvss 6.5epss 0.01
Typecho v1.3.0 was discovered to contain a race condition vulnerability in the post commenting function. This vulnerability allows attackers to post several comments before the spam protection checks if the comments are posted too frequently.
- risk 0.42cvss 6.4epss 0.00
Clickjacking vulnerability in typecho v1.2.1.
- risk 0.40cvss 6.1epss 0.00
Open redirect vulnerability in typecho 1.1-17.10.30-release via the referer parameter to Login.php.
- risk 0.35cvss 5.4epss 0.00
A cross-site scripting (XSS) vulnerability in Typecho v1.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into Name parameter under a comment for an Article.
- risk 0.35cvss 5.4epss 0.00
A stored cross-site scripting (XSS) vulnerability in Typecho v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter at /index.php/archives/1/comment.
- risk 0.35cvss 5.4epss 0.01
In admin/write-post.php in Typecho through 1.1, one can log in to the background page, write a new article, and add payload in the article content, resulting in XSS via index.php/action/contents-post-edit.
- risk 0.34cvss 5.3epss 0.01
Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as value of X-Forwarded-For or Client-Ip headers while performing HTTP requests.
- risk 0.31cvss 4.8epss 0.01
Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via the Comment Manager /admin/manage-comments.php component.
- risk 0.31cvss 4.8epss 0.01
Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code viathe Post Editorparameter.
- risk 0.23cvss 3.5epss 0.01
A vulnerability, which was classified as problematic, has been found in Typecho 1.2.1. Affected by this issue is some unknown functionality of the file /admin/manage-users.php. The manipulation of the argument page leads to information disclosure. The exploit has been disclosed…
- risk 0.18cvss 2.7epss 0.01
A vulnerability classified as problematic was found in Typecho 1.2.1. Affected by this vulnerability is an unknown functionality of the file /admin/manage-pages.php of the component Page Handler. The manipulation leads to backdoor. The attack can be launched remotely. The…
- risk 0.16cvss 2.4epss 0.01
A vulnerability classified as problematic has been found in Typecho 1.2.1. Affected is an unknown function of the file /admin/options-theme.php of the component Logo Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The…
- risk 0.00cvss 4.8epss 0.01
Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via an arbitrarily supplied URL parameter.