Typesettercms: >> Typesetter >> 5.0.1 Security Vulnerabilities
Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because "admins are considered trustworthy.
CVSS Score
4.8
EPSS Score
0.002
Published
2020-12-11
Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our security policy" and is being fixed for 5.2
CVSS Score
7.2
EPSS Score
0.41
Published
2020-09-19