Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
textpattern textpattern vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-5757
Cross-site scripting (XSS) vulnerability in textarea/index.php in Textpattern (aka Txp CMS) 4.0.6 and previous versions allows remote authenticated users to inject arbitrary web script or HTML via the Body parameter in an article action. NOTE: some of these details are obtained f...
Textpattern Textpattern 4.0.1
Textpattern Textpattern
Textpattern Textpattern 4.0.3
Textpattern Textpattern 4.0.2
Textpattern Textpattern 4.0.5
Textpattern Textpattern 4.0.4
NA
CVE-2014-4737
Cross-site scripting (XSS) vulnerability in Textpattern CMS prior to 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php.
Textpattern Textpattern 4.5.1
Textpattern Textpattern 4.5.2
Textpattern Textpattern 4.5.3
Textpattern Textpattern 4.5.4
Textpattern Textpattern
Textpattern Textpattern 4.5.0
7.2
CVSSv3
CVE-2023-26852
An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows malicious users to execute arbitrary code by uploading a crafted PHP file.
Textpattern Textpattern
1 Github repository
4.3
CVSSv3
CVE-2021-40642
Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login session cookie in the application. If the secure flag is not set, the...
Textpattern Textpattern
9.8
CVSSv3
CVE-2018-7474
An issue exists in Textpattern CMS 4.6.2 and previous versions. It is possible to inject SQL code in the variable "qty" on the page index.php.
Textpattern Textpattern
1 EDB exploit
5.3
CVSSv3
CVE-2015-8032
In Textpattern 4.5.7, an unprivileged author can change an article's markup setting.
Textpattern Textpattern 4.5.7
8.3
CVSSv3
CVE-2021-44082
textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload...
Textpattern Textpattern 4.8.7
8.8
CVSSv3
CVE-2023-50038
There is an arbitrary file upload vulnerability in the background of textpattern cms v4.8.8, which leads to the loss of server permissions.
Textpattern Textpattern 4.8.8
5.3
CVSSv3
CVE-2015-8033
In Textpattern 4.5.7, the password-reset feature does not securely tether a hash to a user account.
Textpattern Textpattern 4.5.7
7.2
CVSSv3
CVE-2023-36220
Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated malicious user to execute arbitrary code and gain access to sensitive information via the plugin Upload function.
Textpattern Textpattern 4.8.8
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »