Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
textpattern vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2008-5757
Cross-site scripting (XSS) vulnerability in textarea/index.php in Textpattern (aka Txp CMS) 4.0.6 and previous versions allows remote authenticated users to inject arbitrary web script or HTML via the Body parameter in an article action. NOTE: some of these details are obtained f...
Textpattern Textpattern 4.0.1
Textpattern Textpattern
Textpattern Textpattern 4.0.3
Textpattern Textpattern 4.0.2
Textpattern Textpattern 4.0.5
Textpattern Textpattern 4.0.4
4.3
CVSSv2
CVE-2014-4737
Cross-site scripting (XSS) vulnerability in Textpattern CMS prior to 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php.
Textpattern Textpattern 4.5.1
Textpattern Textpattern 4.5.2
Textpattern Textpattern 4.5.3
Textpattern Textpattern 4.5.4
Textpattern Textpattern
Textpattern Textpattern 4.5.0
NA
CVE-2023-26852
An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows malicious users to execute arbitrary code by uploading a crafted PHP file.
Textpattern Textpattern
1 Github repository
7.5
CVSSv2
CVE-2018-7474
An issue exists in Textpattern CMS 4.6.2 and previous versions. It is possible to inject SQL code in the variable "qty" on the page index.php.
Textpattern Textpattern
1 EDB exploit
4.3
CVSSv2
CVE-2021-40642
Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login session cookie in the application. If the secure flag is not set, the...
Textpattern Textpattern
7.5
CVSSv2
CVE-2010-3205
PHP remote file inclusion vulnerability in index.php in Textpattern CMS 4.2.0 allows remote malicious users to execute arbitrary PHP code via a URL in the inc parameter.
Textpattern Textpattern 4.2.0
1 EDB exploit
7.8
CVSSv2
CVE-2018-1000090
textpattern version version 4.6.2 contains a XML Injection vulnerability in Import XML feature that can result in Denial of service in context to the web server by exhausting server memory resources. This attack appear to be exploitable via Uploading a specially crafted XML file.
Textpattern Textpattern 4.6.2
3.5
CVSSv2
CVE-2020-23239
Cross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature.
Textpattern Textpattern 4.8.1
7.5
CVSSv2
CVE-2020-19510
Textpattern 4.7.3 contains an aribtrary file load via the file_insert function in include/txp_file.php.
Textpattern Textpattern 4.7.3
4.3
CVSSv2
CVE-2008-5668
Multiple cross-site scripting (XSS) vulnerabilities in Textpattern (aka Txp CMS) 4.0.5 allow remote malicious users to inject arbitrary web script or HTML via (1) the PATH_INFO to setup/index.php or (2) the name parameter to index.php in the comments preview section.
Textpattern Textpattern 4.0.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »