Vulnerabilities > Textpattern > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-19 | CVE-2021-28002 | Cross-site Scripting vulnerability in Textpattern 4.9.0 A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. | 3.5 |
| 2021-08-19 | CVE-2021-28001 | Cross-site Scripting vulnerability in Textpattern 4.8.4 A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. | 3.5 |
| 2021-07-26 | CVE-2020-23239 | Cross-site Scripting vulnerability in Textpattern 4.8.1 Cross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature. | 3.5 |
| 2021-01-26 | CVE-2020-35854 | Cross-site Scripting vulnerability in Textpattern 4.8.4 Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Body parameter. | 3.5 |
| 2008-12-30 | CVE-2008-5757 | Cross-Site Scripting vulnerability in Textpattern Cross-site scripting (XSS) vulnerability in textarea/index.php in Textpattern (aka Txp CMS) 4.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Body parameter in an article action. | 3.5 |