Filtered by vendor Textpattern
Subscriptions
Filtered by product Textpattern
Subscriptions
Total
27 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-40642 | 1 Textpattern | 1 Textpattern | 2024-08-04 | 4.3 Medium |
| Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login session cookie in the application. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. | ||||
| CVE-2021-30209 | 1 Textpattern | 1 Textpattern | 2024-08-03 | 6.5 Medium |
| Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, which may lead to obtaining system permissions. | ||||
| CVE-2021-28001 | 1 Textpattern | 1 Textpattern | 2024-08-03 | 5.4 Medium |
| A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting https://site.com/articles/welcome-to-your-site#comments-head. | ||||
| CVE-2021-28002 | 1 Textpattern | 1 Textpattern | 2024-08-03 | 5.4 Medium |
| A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting the 'Articles' page. | ||||
| CVE-2023-50038 | 1 Textpattern | 1 Textpattern | 2024-08-02 | 8.8 High |
| There is an arbitrary file upload vulnerability in the background of textpattern cms v4.8.8, which leads to the loss of server permissions. | ||||
| CVE-2023-26852 | 1 Textpattern | 1 Textpattern | 2024-08-02 | 7.2 High |
| An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file. | ||||
| CVE-2023-24269 | 1 Textpattern | 1 Textpattern | 2024-08-02 | 8.8 High |
| An arbitrary file upload vulnerability in the plugin upload function of Textpattern v4.8.8 allows attackers to execute arbitrary code via a crafted Zip file. | ||||