Textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php, Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload request.
Max CVSS: 8.3 | EPSS Score: 1.88% | Published: 2022-03-29 | Updated: 2022-04-06
A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting the 'Articles' page.
Max CVSS: 5.4 | EPSS Score: 0.22% | Published: 2021-08-19 | Updated: 2021-08-23
A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting https://site.com/articles/welcome-to-your-site#comments-head.
Max CVSS: 5.4 | EPSS Score: 0.20% | Published: 2021-08-19 | Updated: 2021-08-23
Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Body parameter.
Max CVSS: 4.8 | EPSS Score: 0.07% | Published: 2021-01-26 | Updated: 2021-02-01
Cross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature.
Max CVSS: 4.8 | EPSS Score: 0.06% | Published: 2021-07-26 | Updated: 2021-07-30
Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php.
Max CVSS: 4.3 | EPSS Score: 0.31% | Published: 2014-10-10 | Updated: 2018-10-09
Cross-site scripting (XSS) vulnerability in setup/index.php in Textpattern CMS 4.4.1, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the ddb parameter.
Max CVSS: 4.3 | EPSS Score: 0.20% | Published: 2012-01-05 | Updated: 2017-08-29
Cross-site scripting (XSS) vulnerability in textarea/index.php in Textpattern (aka Txp CMS) 4.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Body parameter in an article action. NOTE: some of these details are obtained from third party information.
Max CVSS: 3.5 | EPSS Score: 0.09% | Published: 2008-12-30 | Updated: 2018-10-11
Multiple cross-site scripting (XSS) vulnerabilities in Textpattern (aka Txp CMS) 4.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to setup/index.php or (2) the name parameter to index.php in the comments preview section.
Max CVSS: 4.3 | EPSS Score: 0.33% | Published: 2008-12-19 | Updated: 2018-10-11
9 vulnerabilities found