Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
textpattern textpattern vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-29458
Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem.
Textpattern Textpattern 4.6.2
7.5
CVSSv3
CVE-2018-1000090
textpattern version version 4.6.2 contains a XML Injection vulnerability in Import XML feature that can result in Denial of service in context to the web server by exhausting server memory resources. This attack appear to be exploitable via Uploading a specially crafted XML file.
Textpattern Textpattern 4.6.2
NA
CVE-2008-5668
Multiple cross-site scripting (XSS) vulnerabilities in Textpattern (aka Txp CMS) 4.0.5 allow remote malicious users to inject arbitrary web script or HTML via (1) the PATH_INFO to setup/index.php or (2) the name parameter to index.php in the comments preview section.
Textpattern Textpattern 4.0.5
NA
CVE-2011-5019
Cross-site scripting (XSS) vulnerability in setup/index.php in Textpattern CMS 4.4.1, when the product is incompletely installed, allows remote malicious users to inject arbitrary web script or HTML via the ddb parameter.
Textpattern Textpattern 4.4.1
1 EDB exploit
8.3
CVSSv3
CVE-2021-44082
textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload...
Textpattern Textpattern 4.8.7
7.2
CVSSv3
CVE-2023-36220
Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated malicious user to execute arbitrary code and gain access to sensitive information via the plugin Upload function.
Textpattern Textpattern 4.8.8
NA
CVE-2008-5669
index.php in the comments preview section in Textpattern (aka Txp CMS) 4.0.5 allows remote malicious users to cause a denial of service via a long message parameter.
Textpattern Textpattern 4.0.5
5.4
CVSSv3
CVE-2021-28002
A persistent cross-site scripting vulnerability exists in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote malicious users to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting the 'Arti...
Textpattern Textpattern 4.9.0
4.8
CVSSv3
CVE-2020-35854
Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Body parameter.
Textpattern Textpattern 4.8.4
NA
CVE-2008-5670
Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password during a password reset, which makes it easier for remote malicious users to change a password after hijacking a session.
Textpattern Textpattern 4.0.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »