Vulnerabilities > Typesettercms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-21 | CVE-2020-19511 | Cross-site Scripting vulnerability in Typesettercms Typesetter 5.1 Cross Site Scriptiong vulnerability in Typesetter 5.1 via the !1) className and !2) Description fields in index.php/Admin/Classes, | 6.1 |
| 2020-12-11 | CVE-2020-35126 | Cross-site Scripting vulnerability in Typesettercms Typesetter Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. | 4.8 |
| 2020-01-05 | CVE-2019-20077 | Cross-Site Request Forgery (CSRF) vulnerability in Typesettercms Typesetter 5.1 The Typesetter CMS 5.1 logout functionality is affected by a CSRF vulnerability. | 4.3 |
| 2019-05-13 | CVE-2018-16639 | Cross-site Scripting vulnerability in Typesettercms Typesetter 5.1 Typesetter 5.1 allows XSS via the index.php/Admin LABEL parameter during new page creation. | 5.4 |
| 2019-05-13 | CVE-2018-16626 | Cross-site Scripting vulnerability in Typesettercms Typesetter 5.1 index.php/Admin/Classes in Typesetter 5.1 allows XSS via the description of a new class name. | 4.8 |
| 2019-05-13 | CVE-2018-16625 | Cross-site Scripting vulnerability in Typesettercms Typesetter 5.1 index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file with JavaScript in a SCRIPT element. | 4.8 |
| 2019-05-09 | CVE-2018-20837 | Cross-site Scripting vulnerability in Typesettercms Typesetter 5.1 include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu/Ajax?cmd=AddHidden title XSS. | 4.8 |