Vulnerabilities
Vulnerable Software
Typesetter CMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability that is exploited via a crafted POST request.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-03-25
Cross-Site Scripting vulnerability in Typesetter 5.1 via the (1) className and (2) Description fields in index.php/Admin/Classes.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-06-21
Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because "admins are considered trustworthy."
CVSS Score
4.8
EPSS Score
0.002
Published
2020-12-11
Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our security policy" and is being fixed for 5.2.
CVSS Score
7.2
EPSS Score
0.41
Published
2020-09-19
The Typesetter CMS 5.1 logout functionality is affected by a CSRF vulnerability. The logout function of the admin panel is not protected by any CSRF token. An attacker can log out the user using this vulnerability.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-01-05
Typesetter 5.1 allows XSS via the index.php/Admin LABEL parameter during new page creation.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-05-13
index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file with JavaScript in a SCRIPT element.
CVSS Score
4.8
EPSS Score
0.002
Published
2019-05-13
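The Admin/Uploaded entry above describes stored XSS through an SVG whose SCRIPT element runs when the file is served inline. Below is an added example, not Typesetter's code, of an allowlist check an upload handler could run before accepting an SVG. It goes beyond the script-element case in the entry: any element outside a small drawing set, any on* event-handler attribute, and any href that is not a same-document fragment or http(s) URL is rejected, so <script>, onload= and javascript: URLs are all refused. The sample SVGs are constructed for the example; xml.etree is used to keep it dependency-free, and untrusted XML in a real handler should go through a hardened parser such as defusedxml.

```python
"""Allowlist check for uploaded SVG files, run before the file is stored.

Added example (not Typesetter's code). xml.etree is used to keep the example
dependency-free; real upload handlers should parse untrusted XML with a
hardened parser such as defusedxml.
"""
import xml.etree.ElementTree as ET

# Plain drawing elements only; script, foreignObject, iframe etc. are absent.
ALLOWED_ELEMENTS = {
    "svg", "g", "defs", "symbol", "use", "title", "desc",
    "path", "rect", "circle", "ellipse", "line", "polyline", "polygon",
    "text", "tspan", "lineargradient", "radialgradient", "stop",
    "clippath", "mask", "a",
}
ALLOWED_URL_PREFIXES = ("#", "http://", "https://")


def _local(name: str) -> str:
    """Strip ElementTree's '{namespace}' prefix and lower-case the local name,
    so <svg:script> and <script> are treated alike."""
    return name.rsplit("}", 1)[-1].lower()


def svg_findings(data: bytes) -> list:
    """Return the reasons an SVG is rejected; an empty list means it passed."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc]
    findings = []
    if _local(root.tag) != "svg":
        findings.append("root element is <%s>, not <svg>" % _local(root.tag))
    for elem in root.iter():
        tag = _local(elem.tag)
        if tag not in ALLOWED_ELEMENTS:
            findings.append("element <%s> is not allowed" % tag)
        for attr, value in elem.attrib.items():
            name = _local(attr)  # '{xlink ns}href' and 'href' both become 'href'
            if name.startswith("on"):
                findings.append("event handler attribute %s on <%s>" % (name, tag))
            elif name == "href":
                # Browsers ignore whitespace inside a scheme, so 'java\tscript:'
                # must be squeezed before the prefix check.
                url = "".join(value.split()).lower()
                if not url.startswith(ALLOWED_URL_PREFIXES):
                    findings.append("href on <%s> has a disallowed target: %s" % (tag, url))
    return findings


def is_safe_svg(data: bytes) -> bool:
    """Convenience wrapper for an upload handler's accept/reject decision."""
    return not svg_findings(data)


# Constructed samples for the example (not real uploads).
SVG_CLEAN = b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10"><circle cx="5" cy="5" r="4"/></svg>'
SVG_SCRIPT = b'<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>'
SVG_PREFIXED = b'<s:svg xmlns:s="http://www.w3.org/2000/svg"><s:script>alert(1)</s:script></s:svg>'
SVG_HANDLER = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="10" height="10" onload="alert(1)"/></svg>'
SVG_JSHREF = (b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
              b'<a xlink:href="java\tscript:alert(1)"><text>x</text></a></svg>')

if __name__ == "__main__":
    for label, sample in [("clean", SVG_CLEAN), ("script", SVG_SCRIPT), ("prefixed", SVG_PREFIXED),
                          ("handler", SVG_HANDLER), ("jshref", SVG_JSHREF)]:
        print(label, svg_findings(sample) or "ok")
```

ElementTree drops comments and processing instructions, so nothing hidden there reaches the checks. Whatever the checker misses, serving uploads from a separate origin or with Content-Disposition: attachment keeps an injected script out of the admin origin.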
index.php/Admin/Classes in Typesetter 5.1 allows XSS via the description of a new class name.
CVSS Score
4.8
EPSS Score
0.002
Published
2019-05-13
include/admin/Menu/Ajax.php in Typesetter 5.1 allows XSS via the title parameter of index.php/Admin/Menu/Ajax?cmd=AddHidden.
CVSS Score
4.8
EPSS Score
0.002
Published
2019-05-09
An issue was discovered in Typesetter 5.1. The User Permissions page (aka Admin/Users) suffers from a critical Cross-Site Request Forgery flaw: using a forged HTTP request, a malicious user can lead a logged-in user to unknowingly create, delete or modify a user account, because the page lacks an anti-CSRF token.
CVSS Score
8.0
EPSS Score
0.001
Published
2018-02-12
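Three of the entries above (the crafted-POST CSRF, the unprotected logout, and the Admin/Users page) describe the same missing control: state-changing admin requests are accepted without proof that the form came from the application itself. The following is an added example, not Typesetter's code, of the session-bound token check that closes that gap, shown on a logout handler. The request dicts, session id and server secret are constructed stand-ins for a framework's request object and configuration.

```python
"""Session-bound anti-CSRF token check for state-changing admin actions.

Added example, not Typesetter's code. Requests are plain dicts with the keys
method, headers and form, a constructed stand-in for a framework's request
object; the session id and secret are constructed too.
"""
import hashlib
import hmac
import secrets

# Constructed for the example; a deployment loads this once from configuration
# and keeps it stable, otherwise every restart invalidates outstanding forms.
SERVER_SECRET = secrets.token_bytes(32)


def csrf_token(session_id: str) -> str:
    """Token bound to one session: HMAC(secret, session id).

    It is emitted as a hidden field in every admin form. A page on another
    origin cannot read the victim's form, so it cannot supply the value.
    """
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_ok(request: dict, session_id: str) -> bool:
    """Accept a state-changing request only if it is a same-origin POST that
    carries this session's token."""
    if request.get("method") != "POST":
        return False  # logout, user create/delete etc. must not be reachable by GET
    # Defence in depth: browsers that send Sec-Fetch-Site say directly whether
    # the request was cross-site. Absence is tolerated for older clients.
    site = request.get("headers", {}).get("Sec-Fetch-Site")
    if site not in (None, "same-origin"):
        return False
    submitted = request.get("form", {}).get("csrf_token", "")
    if not isinstance(submitted, str) or not submitted.isascii():
        return False  # compare_digest requires ASCII str on both sides
    # Constant-time comparison so the token cannot be recovered byte by byte.
    return hmac.compare_digest(submitted, csrf_token(session_id))


def handle_logout(request: dict, session_id: str) -> str:
    """Logout with the check in place: a forged cross-site POST is refused
    instead of silently ending the victim's session."""
    return "logged out" if csrf_ok(request, session_id) else "rejected"


# Constructed requests for the example.
SESSION = "sess-0123"
LEGIT_LOGOUT = {"method": "POST", "headers": {"Sec-Fetch-Site": "same-origin"},
                "form": {"csrf_token": csrf_token(SESSION)}}
FORGED_LOGOUT = {"method": "POST", "headers": {"Sec-Fetch-Site": "cross-site"}, "form": {}}
FORGED_OLD_BROWSER = {"method": "POST", "headers": {}, "form": {}}   # no header, no token
FORGED_OTHER_SESSION = {"method": "POST", "headers": {},
                        "form": {"csrf_token": csrf_token("sess-attacker")}}
GET_LOGOUT = {"method": "GET", "headers": {}, "form": {}}

if __name__ == "__main__":
    for name, req in [("legit", LEGIT_LOGOUT), ("forged", FORGED_LOGOUT),
                      ("old browser", FORGED_OLD_BROWSER),
                      ("other session", FORGED_OTHER_SESSION), ("get", GET_LOGOUT)]:
        print(name, handle_logout(req, SESSION))
```

The same csrf_ok gate applies unchanged to the Admin/Users create, delete and modify handlers; the token is per session rather than per form, which is enough to stop the cross-origin forgery the entries describe while keeping multi-tab admin use working.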


Shodan ® - All rights reserved