Total
27 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-50038 | 1 Textpattern | 1 Textpattern | 2024-01-04 | N/A | 8.8 HIGH |
| There is an arbitrary file upload vulnerability in the background of textpattern cms v4.8.8, which leads to the loss of server permissions. | |||||
| CVE-2023-36220 | 1 Textpattern | 1 Textpattern | 2023-08-09 | N/A | 7.2 HIGH |
| Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function. | |||||
| CVE-2021-40658 | 1 Textpattern | 1 Textpattern | 2023-08-08 | 3.5 LOW | 4.8 MEDIUM |
| Textpattern 4.8.7 is affected by a HTML injection vulnerability through “Content>Write>Body”. | |||||
| CVE-2021-40642 | 1 Textpattern | 1 Textpattern | 2023-08-08 | 4.3 MEDIUM | 4.3 MEDIUM |
| Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login session cookie in the application. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. | |||||
| CVE-2023-24269 | 1 Textpattern | 1 Textpattern | 2023-05-08 | N/A | 8.8 HIGH |
| An arbitrary file upload vulnerability in the plugin upload function of Textpattern v4.8.8 allows attackers to execute arbitrary code via a crafted Zip file. | |||||
| CVE-2023-26852 | 1 Textpattern | 1 Textpattern | 2023-04-21 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file. | |||||
| CVE-2021-44082 | 1 Textpattern | 1 Textpattern | 2022-04-06 | 5.1 MEDIUM | 8.3 HIGH |
| textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload request. | |||||
| CVE-2021-28002 | 1 Textpattern | 1 Textpattern | 2021-08-23 | 3.5 LOW | 5.4 MEDIUM |
| A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting the 'Articles' page. | |||||
| CVE-2021-28001 | 1 Textpattern | 1 Textpattern | 2021-08-23 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting https://site.com/articles/welcome-to-your-site#comments-head. | |||||
| CVE-2020-23239 | 1 Textpattern | 1 Textpattern | 2021-07-30 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature. | |||||
| CVE-2020-19510 | 2 Microsoft, Textpattern | 2 Windows, Textpattern | 2021-06-24 | 7.5 HIGH | 9.8 CRITICAL |
| Textpattern 4.7.3 contains an aribtrary file load via the file_insert function in include/txp_file.php. | |||||
| CVE-2021-30209 | 1 Textpattern | 1 Textpattern | 2021-04-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, which may lead to obtaining system permissions. | |||||
| CVE-2020-35854 | 1 Textpattern | 1 Textpattern | 2021-02-01 | 3.5 LOW | 4.8 MEDIUM |
| Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Body parameter. | |||||
| CVE-2020-29458 | 1 Textpattern | 1 Textpattern | 2020-12-02 | 6.8 MEDIUM | 8.8 HIGH |
| Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem. | |||||
| CVE-2015-8033 | 1 Textpattern | 1 Textpattern | 2020-08-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Textpattern 4.5.7, the password-reset feature does not securely tether a hash to a user account. | |||||
| CVE-2015-8032 | 1 Textpattern | 1 Textpattern | 2020-08-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Textpattern 4.5.7, an unprivileged author can change an article's markup setting. | |||||
| CVE-2006-5615 | 1 Textpattern | 1 Textpattern | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in publish.php in Textpattern 1.19, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the txpcfg[txpath] parameter. | |||||
| CVE-2008-5757 | 1 Textpattern | 1 Textpattern | 2018-10-11 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in textarea/index.php in Textpattern (aka Txp CMS) 4.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Body parameter in an article action. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5670 | 1 Textpattern | 1 Textpattern | 2018-10-11 | 6.8 MEDIUM | N/A |
| Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password during a password reset, which makes it easier for remote attackers to change a password after hijacking a session. | |||||
| CVE-2008-5669 | 1 Textpattern | 1 Textpattern | 2018-10-11 | 5.0 MEDIUM | N/A |
| index.php in the comments preview section in Textpattern (aka Txp CMS) 4.0.5 allows remote attackers to cause a denial of service via a long message parameter. | |||||