Vulnerabilities > Textpattern > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-29 | CVE-2021-40642 | Missing Encryption of Sensitive Data vulnerability in Textpattern Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. | 4.3 |
| 2022-06-14 | CVE-2021-40658 | Cross-site Scripting vulnerability in Textpattern 4.8.7 Textpattern 4.8.7 is affected by a HTML injection vulnerability through “Content>Write>Body”. | 4.8 |
| 2022-03-29 | CVE-2021-44082 | Cross-site Scripting vulnerability in Textpattern 4.8.7 textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. | 5.1 |
| 2021-04-15 | CVE-2021-30209 | Unrestricted Upload of File with Dangerous Type vulnerability in Textpattern 4.8.4 Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, which may lead to obtaining system permissions. | 4.0 |
| 2020-12-02 | CVE-2020-29458 | Cross-Site Request Forgery (CSRF) vulnerability in Textpattern 4.6.2 Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem. | 6.8 |
| 2020-08-14 | CVE-2015-8033 | Weak Password Requirements vulnerability in Textpattern 4.5.7 In Textpattern 4.5.7, the password-reset feature does not securely tether a hash to a user account. | 5.0 |
| 2020-08-14 | CVE-2015-8032 | Improper Privilege Management vulnerability in Textpattern 4.5.7 In Textpattern 4.5.7, an unprivileged author can change an article's markup setting. | 5.0 |
| 2014-10-10 | CVE-2014-4737 | Cross-Site Scripting vulnerability in Textpattern Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php. | 4.3 |
| 2012-01-05 | CVE-2011-5019 | Cross-Site Scripting vulnerability in Textpattern 4.4.1 Cross-site scripting (XSS) vulnerability in setup/index.php in Textpattern CMS 4.4.1, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the ddb parameter. | 4.3 |
| 2011-09-24 | CVE-2011-3807 | Information Exposure vulnerability in Textpattern 4.2.0 Textpattern 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/txplib_db.php and certain other files. | 5.0 |