CPE Details
TextPattern 4.8.4
4.8.4
2021-02-01
11h50 +00:00
11h50 +00:00
2021-02-01
11h50 +00:00
11h50 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:a:textpattern:textpattern:4.8.4:*:*:*:*:*:*:*
Informations
Vendor
textpatternProduct
textpatternVersion
4.8.4Related CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file. | 7.2 |
Haute |
||
| Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login session cookie in the application. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. | 4.3 |
Moyen |
||
| A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting https://site.com/articles/welcome-to-your-site#comments-head. | 5.4 |
Moyen |
||
| Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, which may lead to obtaining system permissions. | 6.5 |
Moyen |
||
| Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Body parameter. | 4.8 |
Moyen |
2025©
tesweb SA
