Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
typesettercms typesetter vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2020-35126
Typesetter CMS 5.x up to and including 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because "admins are considered trustworthy.
Typesettercms Typesetter
7.2
CVSSv3
CVE-2020-25790
Typesetter CMS 5.x up to and including 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "con...
Typesettercms Typesetter
1 Github repository
4.8
CVSSv3
CVE-2018-16626
index.php/Admin/Classes in Typesetter 5.1 allows XSS via the description of a new class name.
Typesettercms Typesetter 5.1
5.4
CVSSv3
CVE-2018-16639
Typesetter 5.1 allows XSS via the index.php/Admin LABEL parameter during new page creation.
Typesettercms Typesetter 5.1
4.8
CVSSv3
CVE-2018-16625
index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file with JavaScript in a SCRIPT element.
Typesettercms Typesetter 5.1
6.1
CVSSv3
CVE-2020-19511
Cross Site Scriptiong vulnerability in Typesetter 5.1 via the !1) className and !2) Description fields in index.php/Admin/Classes,
Typesettercms Typesetter 5.1
4.3
CVSSv3
CVE-2019-20077
The Typesetter CMS 5.1 logout functionality is affected by a CSRF vulnerability. The logout function of the admin panel is not protected by any CSRF tokens. An attacker can logout the user using this vulnerability.
Typesettercms Typesetter 5.1
8
CVSSv3
CVE-2018-6888
An issue exists in Typesetter 5.1. The User Permissions page (aka Admin/Users) suffers from critical flaw of Cross Site Request forgery: using a forged HTTP request, a malicious user can lead a user to unknowingly create / delete or modify a user account due to the lack of an ant...
Typesettercms Typesetter 5.1
1 EDB exploit
8.8
CVSSv3
CVE-2018-6889
An issue exists in Typesetter 5.1. It suffers from a Host header injection vulnerability, Using this attack, a malicious user can poison the web cache or perform advanced password reset attacks or even trigger arbitrary user re-direction.
Typesettercms Typesetter 5.1
1 EDB exploit
4.8
CVSSv3
CVE-2018-20837
include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu/Ajax?cmd=AddHidden title XSS.
Typesettercms Typesetter 5.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »