Vulnerabilities > Textpattern > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-12-19 | CVE-2008-5670 | Credentials Management vulnerability in Textpattern 4.0.5 Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password during a password reset, which makes it easier for remote attackers to change a password after hijacking a session. | 6.8 |
| 2008-12-19 | CVE-2008-5669 | Improper Input Validation vulnerability in Textpattern 4.0.5 index.php in the comments preview section in Textpattern (aka Txp CMS) 4.0.5 allows remote attackers to cause a denial of service via a long message parameter. | 5.0 |
| 2008-12-19 | CVE-2008-5668 | Cross-Site Scripting vulnerability in Textpattern 4.0.5 Multiple cross-site scripting (XSS) vulnerabilities in Textpattern (aka Txp CMS) 4.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to setup/index.php or (2) the name parameter to index.php in the comments preview section. | 4.3 |