CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-40642

Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login session cookie in the application. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 30.0%

CVSS Severity

CVSS v3 Score 4.3

CVSS v2 Score 4.3

References

Products affected by CVE-2021-40642

Textpattern » Textpattern » Version: 1.0

cpe:2.3:a:textpattern:textpattern:1.0
Textpattern » Textpattern » Version: 4.0.0

cpe:2.3:a:textpattern:textpattern:4.0.0
Textpattern » Textpattern » Version: 4.0.1

cpe:2.3:a:textpattern:textpattern:4.0.1
Textpattern » Textpattern » Version: 4.0.2

cpe:2.3:a:textpattern:textpattern:4.0.2
Textpattern » Textpattern » Version: 4.0.3

cpe:2.3:a:textpattern:textpattern:4.0.3
Textpattern » Textpattern » Version: 4.0.4

cpe:2.3:a:textpattern:textpattern:4.0.4
Textpattern » Textpattern » Version: 4.0.5

cpe:2.3:a:textpattern:textpattern:4.0.5
Textpattern » Textpattern » Version: 4.0.6

cpe:2.3:a:textpattern:textpattern:4.0.6
Textpattern » Textpattern » Version: 4.0.7

cpe:2.3:a:textpattern:textpattern:4.0.7
Textpattern » Textpattern » Version: 4.0.8

cpe:2.3:a:textpattern:textpattern:4.0.8
Textpattern » Textpattern » Version: 4.2.0

cpe:2.3:a:textpattern:textpattern:4.2.0
Textpattern » Textpattern » Version: 4.3.0

cpe:2.3:a:textpattern:textpattern:4.3.0
Textpattern » Textpattern » Version: 4.4.0

cpe:2.3:a:textpattern:textpattern:4.4.0
Textpattern » Textpattern » Version: 4.4.1

cpe:2.3:a:textpattern:textpattern:4.4.1
Textpattern » Textpattern » Version: 4.5.0

cpe:2.3:a:textpattern:textpattern:4.5.0
Textpattern » Textpattern » Version: 4.5.1

cpe:2.3:a:textpattern:textpattern:4.5.1
Textpattern » Textpattern » Version: 4.5.2

cpe:2.3:a:textpattern:textpattern:4.5.2
Textpattern » Textpattern » Version: 4.5.4

cpe:2.3:a:textpattern:textpattern:4.5.4
Textpattern » Textpattern » Version: 4.5.5

cpe:2.3:a:textpattern:textpattern:4.5.5
Textpattern » Textpattern » Version: 4.5.7

cpe:2.3:a:textpattern:textpattern:4.5.7
Textpattern » Textpattern » Version: 4.6.0

cpe:2.3:a:textpattern:textpattern:4.6.0
Textpattern » Textpattern » Version: 4.6.1

cpe:2.3:a:textpattern:textpattern:4.6.1
Textpattern » Textpattern » Version: 4.6.2

cpe:2.3:a:textpattern:textpattern:4.6.2
Textpattern » Textpattern » Version: 4.7.0

cpe:2.3:a:textpattern:textpattern:4.7.0
Textpattern » Textpattern » Version: 4.7.1

cpe:2.3:a:textpattern:textpattern:4.7.1
Textpattern » Textpattern » Version: 4.7.2

cpe:2.3:a:textpattern:textpattern:4.7.2
Textpattern » Textpattern » Version: 4.7.3

cpe:2.3:a:textpattern:textpattern:4.7.3
Textpattern » Textpattern » Version: 4.8.0

cpe:2.3:a:textpattern:textpattern:4.8.0
Textpattern » Textpattern » Version: 4.8.1

cpe:2.3:a:textpattern:textpattern:4.8.1
Textpattern » Textpattern » Version: 4.8.2

cpe:2.3:a:textpattern:textpattern:4.8.2
Textpattern » Textpattern » Version: 4.8.3

cpe:2.3:a:textpattern:textpattern:4.8.3
Textpattern » Textpattern » Version: 4.8.4

cpe:2.3:a:textpattern:textpattern:4.8.4
Textpattern » Textpattern » Version: 4.8.5

cpe:2.3:a:textpattern:textpattern:4.8.5
Textpattern » Textpattern » Version: 4.8.6

cpe:2.3:a:textpattern:textpattern:4.8.6
Textpattern » Textpattern » Version: 4.8.7

cpe:2.3:a:textpattern:textpattern:4.8.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-40642

Products

Pricing

Contact Us