TextPattern CMS 4.8.7

CPE Details

TextPattern CMS 4.8.7
textpattern
textpattern
4.8.7
2022-04-05
15h37 +00:00
2022-04-06
12h05 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:textpattern:textpattern:4.8.7:*:*:*:*:*:*:*

Informations

Vendor

textpattern

Product

textpattern

Version

4.8.7

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-26852 2023-04-12 00h00 +00:00 An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file.
7.2
High
CVE-2021-40642 2022-06-29 08h25 +00:00 Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login session cookie in the application. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site.
4.3
Medium
CVE-2021-40658 2022-06-14 08h53 +00:00 Textpattern 4.8.7 is affected by a HTML injection vulnerability through “Content>Write>Body”.
4.8
Medium
CVE-2021-44082 2022-03-29 20h50 +00:00 textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload request.
8.3
High