CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-44082

textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload request.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.035

EPSS Ranking 87.1%

CVSS Severity

CVSS v3 Score 8.3

CVSS v2 Score 5.1

References

https://pentest.co.uk/labs/leveraging-xss-to-get-rce-in-textpattern/
https://www.cornerpirate.com
https://www.pentest.co.uk
https://pentest.co.uk/labs/leveraging-xss-to-get-rce-in-textpattern/
https://www.cornerpirate.com
https://www.pentest.co.uk

Products affected by CVE-2021-44082

Textpattern » Textpattern » Version: 4.8.7

cpe:2.3:a:textpattern:textpattern:4.8.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-44082

Products

Pricing

Contact Us