Vulnerabilities > Textpattern > Textpattern > 4.0.2

DATE CVE VULNERABILITY TITLE RISK
2023-04-12 CVE-2023-26852 Unrestricted Upload of File with Dangerous Type vulnerability in Textpattern
An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file.
network
low complexity
textpattern CWE-434
7.2
2022-06-29 CVE-2021-40642 Missing Encryption of Sensitive Data vulnerability in Textpattern
Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php.
network
low complexity
textpattern CWE-311
4.3
2018-03-14 CVE-2018-7474 SQL Injection vulnerability in Textpattern
An issue was discovered in Textpattern CMS 4.6.2 and earlier.
network
low complexity
textpattern CWE-89
7.5
2014-10-10 CVE-2014-4737 Cross-Site Scripting vulnerability in Textpattern
Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php.
4.3
2008-12-30 CVE-2008-5757 Cross-Site Scripting vulnerability in Textpattern
Cross-site scripting (XSS) vulnerability in textarea/index.php in Textpattern (aka Txp CMS) 4.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Body parameter in an article action.
3.5