Vulnerabilities
Vulnerable Software
index.php/Admin/Classes in Typesetter 5.1 allows XSS via the description of a new class name.
CVSS Score: 4.8
EPSS Score: 0.002
Published: 2019-05-13
include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu/Ajax?cmd=AddHidden title XSS.
CVSS Score: 4.8
EPSS Score: 0.002
Published: 2019-05-09
An issue was discovered in Typesetter 5.1. The User Permissions page (aka Admin/Users) suffers from a critical Cross-Site Request Forgery flaw: using a forged HTTP request, a malicious user can lead a user to unknowingly create, delete, or modify a user account due to the lack of an anti-CSRF token.
CVSS Score: 8.0
EPSS Score: 0.001
Published: 2018-02-12
An issue was discovered in Typesetter 5.1. It suffers from a Host header injection vulnerability. Using this attack, a malicious user can poison the web cache, perform advanced password reset attacks, or even trigger arbitrary user redirection.
CVSS Score: 8.8
EPSS Score: 0.028
Published: 2018-02-12

