Vulnerabilities > Typesettercms

DATE	CVE	VULNERABILITY TITLE	RISK
2022-03-25	CVE-2022-25523	Cross-Site Request Forgery (CSRF) vulnerability in Typesettercms Typesetter 5.1 TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which is exploited via a crafted POST request. network low complexity typesettercms CWE-352	8.8
2021-06-21	CVE-2020-19511	Cross-site Scripting vulnerability in Typesettercms Typesetter 5.1 Cross Site Scriptiong vulnerability in Typesetter 5.1 via the !1) className and !2) Description fields in index.php/Admin/Classes, network low complexity typesettercms CWE-79	6.1
2020-12-11	CVE-2020-35126	Cross-site Scripting vulnerability in Typesettercms Typesetter Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. network low complexity typesettercms CWE-79	4.8
2020-09-19	CVE-2020-25790	Unrestricted Upload of File with Dangerous Type vulnerability in Typesettercms Typesetter 5.0/5.0.1/5.1 Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. network low complexity typesettercms CWE-434	7.2
2020-01-05	CVE-2019-20077	Cross-Site Request Forgery (CSRF) vulnerability in Typesettercms Typesetter 5.1 The Typesetter CMS 5.1 logout functionality is affected by a CSRF vulnerability. network low complexity typesettercms CWE-352	4.3
2019-05-13	CVE-2018-16639	Cross-site Scripting vulnerability in Typesettercms Typesetter 5.1 Typesetter 5.1 allows XSS via the index.php/Admin LABEL parameter during new page creation. network low complexity typesettercms CWE-79	5.4
2019-05-13	CVE-2018-16626	Cross-site Scripting vulnerability in Typesettercms Typesetter 5.1 index.php/Admin/Classes in Typesetter 5.1 allows XSS via the description of a new class name. network low complexity typesettercms CWE-79	4.8
2019-05-13	CVE-2018-16625	Cross-site Scripting vulnerability in Typesettercms Typesetter 5.1 index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file with JavaScript in a SCRIPT element. network low complexity typesettercms CWE-79	4.8
2019-05-09	CVE-2018-20837	Cross-site Scripting vulnerability in Typesettercms Typesetter 5.1 include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu/Ajax?cmd=AddHidden title XSS. network low complexity typesettercms CWE-79	4.8
2018-02-12	CVE-2018-6889	Code Injection vulnerability in Typesettercms Typesetter 5.1 An issue was discovered in Typesetter 5.1. network low complexity typesettercms CWE-94	8.8

Vulnerabilities > Typesettercms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Typesettercms"}]}

Vulnerabilities > Typesettercms