Filtered by vendor Typesettercms
Total: 7 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-19511 | 1 Typesettercms | 1 Typesetter | 2021-06-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in Typesetter 5.1 via the (1) className and (2) Description fields in index.php/Admin/Classes, | |||||
| CVE-2020-35126 | 1 Typesettercms | 1 Typesetter | 2020-12-14 | 3.5 LOW | 4.8 MEDIUM |
| ** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because "admins are considered trustworthy." | |||||
| CVE-2019-20077 | 1 Typesettercms | 1 Typesetter | 2020-01-09 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Typesetter CMS 5.1 logout functionality is affected by a CSRF vulnerability. The logout function of the admin panel is not protected by any CSRF tokens. An attacker can log out the user using this vulnerability. | |||||
| CVE-2018-16626 | 1 Typesettercms | 1 Typesetter | 2019-05-13 | 3.5 LOW | 4.8 MEDIUM |
| index.php/Admin/Classes in Typesetter 5.1 allows XSS via the description of a new class name. | |||||
| CVE-2018-16625 | 1 Typesettercms | 1 Typesetter | 2019-05-13 | 3.5 LOW | 4.8 MEDIUM |
| index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file with JavaScript in a SCRIPT element. | |||||
| CVE-2018-16639 | 1 Typesettercms | 1 Typesetter | 2019-05-13 | 3.5 LOW | 5.4 MEDIUM |
| Typesetter 5.1 allows XSS via the index.php/Admin LABEL parameter during new page creation. | |||||
| CVE-2018-20837 | 1 Typesettercms | 1 Typesetter | 2019-05-10 | 3.5 LOW | 4.8 MEDIUM |
| include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu/Ajax?cmd=AddHidden title XSS. | |||||
