Textpattern

Textpattern

28 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2023-53911

Exploit
  • EPSS 0.04%
  • Veröffentlicht 17.12.2025 22:44:47
  • Zuletzt bearbeitet 27.12.2025 17:15:43

Textpattern CMS 4.8.8 contains a stored cross-site scripting vulnerability in the article excerpt field that allows authenticated users to inject malicious scripts. Attackers can insert JavaScript payloads into the excerpt, which will execute when th...

8.8

CVE-2023-50038

Exploit
  • EPSS 0.07%
  • Veröffentlicht 28.12.2023 07:15:08
  • Zuletzt bearbeitet 21.11.2024 08:36:29

There is an arbitrary file upload vulnerability in the background of textpattern cms v4.8.8, which leads to the loss of server permissions.

7.2

CVE-2023-36220

Exploit
  • EPSS 2.04%
  • Veröffentlicht 07.08.2023 14:15:11
  • Zuletzt bearbeitet 21.11.2024 08:09:25

Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function.

8.8

CVE-2023-24269

Exploit
  • EPSS 0.18%
  • Veröffentlicht 28.04.2023 22:15:08
  • Zuletzt bearbeitet 30.01.2025 21:15:09

An arbitrary file upload vulnerability in the plugin upload function of Textpattern v4.8.8 allows attackers to execute arbitrary code via a crafted Zip file.

7.2

CVE-2023-26852

Exploit
  • EPSS 7.26%
  • Veröffentlicht 12.04.2023 17:15:07
  • Zuletzt bearbeitet 10.02.2025 16:15:33

An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file.

4.3

CVE-2021-40642

  • EPSS 0.12%
  • Veröffentlicht 29.06.2022 11:15:16
  • Zuletzt bearbeitet 21.11.2024 06:24:29

Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login session cookie in the application. If the secure ...

4.8

CVE-2021-40658

Exploit
  • EPSS 0.24%
  • Veröffentlicht 14.06.2022 11:15:10
  • Zuletzt bearbeitet 21.11.2024 06:24:31

Textpattern 4.8.7 is affected by a HTML injection vulnerability through “Content>Write>Body”.

8.3

CVE-2021-44082

Exploit
  • EPSS 3.48%
  • Veröffentlicht 29.03.2022 23:15:07
  • Zuletzt bearbeitet 21.11.2024 06:30:20

textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token b...

5.4

CVE-2021-28002

Exploit
  • EPSS 0.23%
  • Veröffentlicht 19.08.2021 14:39:31
  • Zuletzt bearbeitet 21.11.2024 05:58:58

A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered ...

5.4

CVE-2021-28001

Exploit
  • EPSS 0.34%
  • Veröffentlicht 19.08.2021 14:39:31
  • Zuletzt bearbeitet 21.11.2024 05:58:58

A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users v...