Search
Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-40658 | 1 Textpattern | 1 Textpattern | 2023-08-08 | 3.5 LOW | 4.8 MEDIUM |
| Textpattern 4.8.7 is affected by a HTML injection vulnerability through “Content>Write>Body”. | |||||
| CVE-2021-40642 | 1 Textpattern | 1 Textpattern | 2023-08-08 | 4.3 MEDIUM | 4.3 MEDIUM |
| Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login session cookie in the application. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. | |||||
| CVE-2021-28002 | 1 Textpattern | 1 Textpattern | 2021-08-23 | 3.5 LOW | 5.4 MEDIUM |
| A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting the 'Articles' page. | |||||
| CVE-2021-28001 | 1 Textpattern | 1 Textpattern | 2021-08-23 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting https://site.com/articles/welcome-to-your-site#comments-head. | |||||
| CVE-2020-23239 | 1 Textpattern | 1 Textpattern | 2021-07-30 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature. | |||||
| CVE-2021-30209 | 1 Textpattern | 1 Textpattern | 2021-04-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, which may lead to obtaining system permissions. | |||||
| CVE-2020-35854 | 1 Textpattern | 1 Textpattern | 2021-02-01 | 3.5 LOW | 4.8 MEDIUM |
| Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Body parameter. | |||||
| CVE-2015-8033 | 1 Textpattern | 1 Textpattern | 2020-08-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Textpattern 4.5.7, the password-reset feature does not securely tether a hash to a user account. | |||||
| CVE-2015-8032 | 1 Textpattern | 1 Textpattern | 2020-08-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Textpattern 4.5.7, an unprivileged author can change an article's markup setting. | |||||