Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
textpattern textpattern vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2008-5757
Cross-site scripting (XSS) vulnerability in textarea/index.php in Textpattern (aka Txp CMS) 4.0.6 and previous versions allows remote authenticated users to inject arbitrary web script or HTML via the Body parameter in an article action. NOTE: some of these details are obtained f...
Textpattern Textpattern 4.0.1
Textpattern Textpattern
Textpattern Textpattern 4.0.3
Textpattern Textpattern 4.0.2
Textpattern Textpattern 4.0.5
Textpattern Textpattern 4.0.4
4.3
CVSSv2
CVE-2014-4737
Cross-site scripting (XSS) vulnerability in Textpattern CMS prior to 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php.
Textpattern Textpattern 4.5.1
Textpattern Textpattern 4.5.2
Textpattern Textpattern 4.5.3
Textpattern Textpattern 4.5.4
Textpattern Textpattern
Textpattern Textpattern 4.5.0
NA
CVE-2023-26852
An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows malicious users to execute arbitrary code by uploading a crafted PHP file.
Textpattern Textpattern
1 Github repository
4.3
CVSSv2
CVE-2021-40642
Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login session cookie in the application. If the secure flag is not set, the...
Textpattern Textpattern
7.5
CVSSv2
CVE-2018-7474
An issue exists in Textpattern CMS 4.6.2 and previous versions. It is possible to inject SQL code in the variable "qty" on the page index.php.
Textpattern Textpattern
1 EDB exploit
NA
CVE-2023-24269
An arbitrary file upload vulnerability in the plugin upload function of Textpattern v4.8.8 allows malicious users to execute arbitrary code via a crafted Zip file.
Textpattern Textpattern 4.8.8
NA
CVE-2023-36220
Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated malicious user to execute arbitrary code and gain access to sensitive information via the plugin Upload function.
Textpattern Textpattern 4.8.8
NA
CVE-2023-50038
There is an arbitrary file upload vulnerability in the background of textpattern cms v4.8.8, which leads to the loss of server permissions.
Textpattern Textpattern 4.8.8
3.5
CVSSv2
CVE-2021-28002
A persistent cross-site scripting vulnerability exists in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote malicious users to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting the 'Arti...
Textpattern Textpattern 4.9.0
5.1
CVSSv2
CVE-2021-44082
textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload...
Textpattern Textpattern 4.8.7
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »