Typecho: >> Typecho >> 1.3.0 Security Vulnerabilities
A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score
9.0
EPSS Score
0.006
Published
2024-08-20
Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as value of X-Forwarded-For or Client-Ip headers while performing HTTP requests.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-08-19
Typecho v1.3.0 was discovered to contain a race condition vulnerability in the post commenting function. This vulnerability allows attackers to post several comments before the spam protection checks if the comments are posted too frequently.
CVSS Score
6.5
EPSS Score
0.03
Published
2024-08-19