Vulnerabilities > Typesettercms

DATE CVE VULNERABILITY TITLE RISK
2022-03-25 CVE-2022-25523 Cross-Site Request Forgery (CSRF) vulnerability in Typesettercms Typesetter 5.1
TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability, which is exploited via a crafted POST request.
6.8
2021-06-21 CVE-2020-19511 Cross-site Scripting vulnerability in Typesettercms Typesetter 5.1
Cross-Site Scripting vulnerability in Typesetter 5.1 via the (1) className and (2) Description fields in index.php/Admin/Classes,
4.3
2020-12-11 CVE-2020-35126 Cross-site Scripting vulnerability in Typesettercms Typesetter
Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI.
network
low complexity
typesettercms CWE-79
4.8
2020-09-19 CVE-2020-25790 Unrestricted Upload of File with Dangerous Type vulnerability in Typesettercms Typesetter 5.0/5.0.1/5.1
Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive.
network
low complexity
typesettercms CWE-434
7.2
2020-01-05 CVE-2019-20077 Cross-Site Request Forgery (CSRF) vulnerability in Typesettercms Typesetter 5.1
The Typesetter CMS 5.1 logout functionality is affected by a CSRF vulnerability.
4.3
2019-05-13 CVE-2018-16639 Cross-site Scripting vulnerability in Typesettercms Typesetter 5.1
Typesetter 5.1 allows XSS via the index.php/Admin LABEL parameter during new page creation.
3.5
2019-05-13 CVE-2018-16626 Cross-site Scripting vulnerability in Typesettercms Typesetter 5.1
index.php/Admin/Classes in Typesetter 5.1 allows XSS via the description of a new class name.
3.5
2019-05-13 CVE-2018-16625 Cross-site Scripting vulnerability in Typesettercms Typesetter 5.1
index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file with JavaScript in a SCRIPT element.
3.5
2019-05-09 CVE-2018-20837 Cross-site Scripting vulnerability in Typesettercms Typesetter 5.1
include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu/Ajax?cmd=AddHidden title XSS.
3.5
2018-02-12 CVE-2018-6889 Code Injection vulnerability in Typesettercms Typesetter 5.1
An issue was discovered in Typesetter 5.1.
network
low complexity
typesettercms CWE-94
6.5