Textpattern Security Vulnerabilities
There is an arbitrary file upload vulnerability in the background of Textpattern CMS v4.8.8, which leads to the loss of server permissions.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-12-28
Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function.
CVSS Score
7.2
EPSS Score
0.027
Published
2023-08-07
An arbitrary file upload vulnerability in the plugin upload function of Textpattern v4.8.8 allows attackers to execute arbitrary code via a crafted Zip file.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-04-28
An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file.
CVSS Score
7.2
EPSS Score
0.053
Published
2023-04-12
In Textpattern CMS v4.8.7 and older, a Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability exists via textpattern/lib/txplib_misc.php. The Secure flag is not set for the txp_login session cookie in the application. If the Secure flag is not set, the cookie will be transmitted in clear text if the user visits any HTTP URL within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-06-29
Textpattern 4.8.7 is affected by an HTML injection vulnerability through “Content>Write>Body”.
CVSS Score
4.8
EPSS Score
0.002
Published
2022-06-14
Textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload request.
CVSS Score
8.3
EPSS Score
0.035
Published
2022-03-29
A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting https://site.com/articles/welcome-to-your-site#comments-head.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-08-19
A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting the 'Articles' page.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-08-19
Cross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature.
CVSS Score
4.8
EPSS Score
0.003
Published
2021-07-26

