Vulnerabilities > Textpattern > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-06-29 CVE-2021-40642 Missing Encryption of Sensitive Data vulnerability in Textpattern
A vulnerability exists in Textpattern CMS v4.8.7 and older through a sensitive cookie in an HTTPS session without the 'Secure' attribute, via textpattern/lib/txplib_misc.php.
network
low complexity
textpattern CWE-311
4.3
2022-06-14 CVE-2021-40658 Cross-site Scripting vulnerability in Textpattern 4.8.7
Textpattern 4.8.7 is affected by an HTML injection vulnerability through “Content>Write>Body”.
network
low complexity
textpattern CWE-79
4.8
2021-08-19 CVE-2021-28001 Cross-site Scripting vulnerability in Textpattern 4.8.4
A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field.
network
low complexity
textpattern CWE-79
5.4
2021-08-19 CVE-2021-28002 Cross-site Scripting vulnerability in Textpattern 4.9.0
A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field.
network
low complexity
textpattern CWE-79
5.4
2021-07-26 CVE-2020-23239 Cross-site Scripting vulnerability in Textpattern 4.8.1
Cross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature.
network
low complexity
textpattern CWE-79
4.8
2021-04-15 CVE-2021-30209 Unrestricted Upload of File with Dangerous Type vulnerability in Textpattern 4.8.4
Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, which may lead to obtaining system permissions.
network
low complexity
textpattern CWE-434
6.5
2021-01-26 CVE-2020-35854 Cross-site Scripting vulnerability in Textpattern 4.8.4
Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Body parameter.
network
low complexity
textpattern CWE-79
4.8
2020-08-14 CVE-2015-8033 Weak Password Requirements vulnerability in Textpattern 4.5.7
In Textpattern 4.5.7, the password-reset feature does not securely tether a hash to a user account.
network
low complexity
textpattern CWE-521
5.3
2020-08-14 CVE-2015-8032 Improper Privilege Management vulnerability in Textpattern 4.5.7
In Textpattern 4.5.7, an unprivileged author can change an article's markup setting.
network
low complexity
textpattern CWE-269
5.3