Vulnerabilities > Typecho

DATE CVE VULNERABILITY TITLE RISK
2023-12-08 CVE-2023-6615 Unspecified vulnerability in Typecho 1.2.1
A vulnerability, which was classified as problematic, has been found in Typecho 1.2.1.
network
low complexity
typecho
5.3
2023-12-08 CVE-2023-6613 Cross-site Scripting vulnerability in Typecho 1.2.1
A vulnerability classified as problematic has been found in Typecho 1.2.1.
network
low complexity
typecho CWE-79
4.8
2023-12-08 CVE-2023-6614 Hidden Functionality vulnerability in Typecho 1.2.1
A vulnerability classified as problematic was found in Typecho 1.2.1.
network
low complexity
typecho CWE-912
2.7
2023-12-07 CVE-2023-49967 XML Entity Expansion vulnerability in Typecho 1.2.1
Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the component /index.php/action/xmlrpc.
network
low complexity
typecho CWE-776
7.5
2023-08-03 CVE-2023-36299 Unrestricted Upload of File with Dangerous Type vulnerability in Typecho 1.2.1
A File Upload vulnerability in typecho v.1.2.1 allows a remote attacker to execute arbitrary code via the upload and options-general parameters in index.php.
network
low complexity
typecho CWE-434
8.8
2023-05-08 CVE-2020-21038 Open Redirect vulnerability in Typecho 1.117.10.30
Open redirect vulnerability in typecho 1.1-17.10.30-release via the referer parameter to Login.php.
network
low complexity
typecho CWE-601
6.1
2023-05-04 CVE-2023-30184 Cross-site Scripting vulnerability in Typecho
A stored cross-site scripting (XSS) vulnerability in Typecho v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter at /index.php/archives/1/comment.
network
low complexity
typecho CWE-79
5.4
2023-03-16 CVE-2023-27130 Cross-site Scripting vulnerability in Typecho
Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via an arbitrarily supplied URL parameter.
network
low complexity
typecho CWE-79
4.8
2023-03-16 CVE-2023-27131 Cross-site Scripting vulnerability in Typecho
Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code viathe Post Editorparameter.
network
low complexity
typecho CWE-79
4.8
2023-03-16 CVE-2023-27711 Cross-site Scripting vulnerability in Typecho
Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via the Comment Manager /admin/manage-comments.php component.
network
low complexity
typecho CWE-79
4.8