Vulnerabilities > Textpattern > Textpattern > 4.0.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-12 | CVE-2023-26852 | Unrestricted Upload of File with Dangerous Type vulnerability in Textpattern An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file. | 7.2 |
2022-06-29 | CVE-2021-40642 | Missing Encryption of Sensitive Data vulnerability in Textpattern Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. | 4.3 |
2018-03-14 | CVE-2018-7474 | SQL Injection vulnerability in Textpattern An issue was discovered in Textpattern CMS 4.6.2 and earlier. | 7.5 |
2014-10-10 | CVE-2014-4737 | Cross-Site Scripting vulnerability in Textpattern Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php. | 4.3 |
2008-12-30 | CVE-2008-5757 | Cross-Site Scripting vulnerability in Textpattern Cross-site scripting (XSS) vulnerability in textarea/index.php in Textpattern (aka Txp CMS) 4.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Body parameter in an article action. | 3.5 |
2008-12-19 | CVE-2008-5670 | Credentials Management vulnerability in Textpattern 4.0.5 Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password during a password reset, which makes it easier for remote attackers to change a password after hijacking a session. | 6.8 |
2008-12-19 | CVE-2008-5669 | Improper Input Validation vulnerability in Textpattern 4.0.5 index.php in the comments preview section in Textpattern (aka Txp CMS) 4.0.5 allows remote attackers to cause a denial of service via a long message parameter. | 5.0 |
2008-12-19 | CVE-2008-5668 | Cross-Site Scripting vulnerability in Textpattern 4.0.5 Multiple cross-site scripting (XSS) vulnerabilities in Textpattern (aka Txp CMS) 4.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to setup/index.php or (2) the name parameter to index.php in the comments preview section. | 4.3 |