Vulnerabilities > Textpattern > Textpattern > 4.8.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-12 | CVE-2023-26852 | Unrestricted Upload of File with Dangerous Type vulnerability in Textpattern An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file. | 7.2 |
| 2022-06-29 | CVE-2021-40642 | Missing Encryption of Sensitive Data vulnerability in Textpattern Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. | 4.3 |
| 2021-08-19 | CVE-2021-28001 | Cross-site Scripting vulnerability in Textpattern 4.8.4 A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. | 3.5 |
| 2021-04-15 | CVE-2021-30209 | Unrestricted Upload of File with Dangerous Type vulnerability in Textpattern 4.8.4 Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, which may lead to obtaining system permissions. | 4.0 |
| 2021-01-26 | CVE-2020-35854 | Cross-site Scripting vulnerability in Textpattern 4.8.4 Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Body parameter. | 3.5 |