Textpattern: >> Textpattern Security Vulnerabilities
Textpattern 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/txplib_db.php and certain other files.
CVSS Score
5.0
EPSS Score
0.003
Published
2011-09-24
PHP remote file inclusion vulnerability in index.php in Textpattern CMS 4.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter.
CVSS Score
7.5
EPSS Score
0.009
Published
2010-09-03
Cross-site scripting (XSS) vulnerability in textarea/index.php in Textpattern (aka Txp CMS) 4.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Body parameter in an article action. NOTE: some of these details are obtained from third party information.
CVSS Score
3.5
EPSS Score
0.002
Published
2008-12-30
Multiple cross-site scripting (XSS) vulnerabilities in Textpattern (aka Txp CMS) 4.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to setup/index.php or (2) the name parameter to index.php in the comments preview section.
CVSS Score
4.3
EPSS Score
0.003
Published
2008-12-19
index.php in the comments preview section in Textpattern (aka Txp CMS) 4.0.5 allows remote attackers to cause a denial of service via a long message parameter.
CVSS Score
5.0
EPSS Score
0.007
Published
2008-12-19
Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password during a password reset, which makes it easier for remote attackers to change a password after hijacking a session.
CVSS Score
6.8
EPSS Score
0.005
Published
2008-12-19
PHP remote file inclusion vulnerability in publish.php in Textpattern 1.19, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the txpcfg[txpath] parameter.
CVSS Score
7.5
EPSS Score
0.021
Published
2006-10-31
Page 3