Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
textpattern textpattern vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-4737
Cross-site scripting (XSS) vulnerability in Textpattern CMS prior to 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php.
Textpattern Textpattern 4.5.4
Textpattern Textpattern 4.5.0
Textpattern Textpattern 4.5.1
Textpattern Textpattern
Textpattern Textpattern 4.5.2
Textpattern Textpattern 4.5.3
NA
CVE-2008-5757
Cross-site scripting (XSS) vulnerability in textarea/index.php in Textpattern (aka Txp CMS) 4.0.6 and previous versions allows remote authenticated users to inject arbitrary web script or HTML via the Body parameter in an article action. NOTE: some of these details are obtained f...
Textpattern Textpattern 4.0.1
Textpattern Textpattern 4.0.3
Textpattern Textpattern
Textpattern Textpattern 4.0.2
Textpattern Textpattern 4.0.5
Textpattern Textpattern 4.0.4
7.2
CVSSv3
CVE-2023-26852
An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows malicious users to execute arbitrary code by uploading a crafted PHP file.
Textpattern Textpattern
1 Github repository
9.8
CVSSv3
CVE-2018-7474
An issue exists in Textpattern CMS 4.6.2 and previous versions. It is possible to inject SQL code in the variable "qty" on the page index.php.
Textpattern Textpattern
1 EDB exploit
4.3
CVSSv3
CVE-2021-40642
Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login session cookie in the application. If the secure flag is not set, the...
Textpattern Textpattern
5.3
CVSSv3
CVE-2015-8033
In Textpattern 4.5.7, the password-reset feature does not securely tether a hash to a user account.
Textpattern Textpattern 4.5.7
NA
CVE-2010-3205
PHP remote file inclusion vulnerability in index.php in Textpattern CMS 4.2.0 allows remote malicious users to execute arbitrary PHP code via a URL in the inc parameter.
Textpattern Textpattern 4.2.0
1 EDB exploit
4.8
CVSSv3
CVE-2020-23239
Cross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature.
Textpattern Textpattern 4.8.1
6.5
CVSSv3
CVE-2021-30209
Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, which may lead to obtaining system permissions.
Textpattern Textpattern 4.8.4
NA
CVE-2006-5615
PHP remote file inclusion vulnerability in publish.php in Textpattern 1.19, when register_globals is enabled, allows remote malicious users to execute arbitrary PHP code via a URL in the txpcfg[txpath] parameter.
Textpattern Textpattern 1.19
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »