Vulnerabilities for 'Textpattern'
2022-06-29
CVE-2021-40642
CWE-565
Textpattern CMS v4.8.7 and older are affected by a Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability via textpattern/lib/txplib_misc.php. The secure flag is not set for the txp_login session cookie in the application. If the secure flag is not set, the cookie will be transmitted in clear text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site.
2022-06-14
CVE-2021-40658
CWE-74
Textpattern 4.8.7 is affected by an HTML injection vulnerability through “Content>Write>Body”.
2022-03-29
CVE-2021-44082
CWE-79
Textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload request.
2021-08-19
CVE-2021-28001
CWE-79
A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting https://site.com/articles/welcome-to-your-site#comments-head.
CVE-2021-28002
CWE-79
A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting the 'Articles' page.
2021-07-26
CVE-2020-23239
CWE-79
Cross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature.
2021-04-15
CVE-2021-30209
CWE-434
Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, which may lead to obtaining system permissions.
2021-01-26
CVE-2020-35854
CWE-79
Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Body parameter.
2020-12-02
CVE-2020-29458
CWE-352
Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem.
2020-08-14
CVE-2015-8033
CWE-521
In Textpattern 4.5.7, the password-reset feature does not securely tether a hash to a user account.
Copyright 2024, cxsecurity.com