TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which is exploited via a crafted POST...
8.8CVSS
8.7AI Score
0.002EPSS
Cross Site Scriptiong vulnerability in Typesetter 5.1 via the !1) className and !2) Description fields in...
6.1CVSS
7.4AI Score
0.001EPSS
Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because "admins are considered...
4.8CVSS
4.9AI Score
0.001EPSS
Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our security policy" and is being...
7.2CVSS
7.4AI Score
0.116EPSS
The Typesetter CMS 5.1 logout functionality is affected by a CSRF vulnerability. The logout function of the admin panel is not protected by any CSRF tokens. An attacker can logout the user using this...
4.3CVSS
7.4AI Score
0.001EPSS
Typesetter 5.1 allows XSS via the index.php/Admin LABEL parameter during new page...
5.4CVSS
6.2AI Score
0.001EPSS
index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file with JavaScript in a SCRIPT...
4.8CVSS
6.2AI Score
0.001EPSS
index.php/Admin/Classes in Typesetter 5.1 allows XSS via the description of a new class...
4.8CVSS
6.2AI Score
0.001EPSS
include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu/Ajax?cmd=AddHidden title...
4.8CVSS
7.4AI Score
0.001EPSS
An issue was discovered in Typesetter 5.1. It suffers from a Host header injection vulnerability, Using this attack, a malicious user can poison the web cache or perform advanced password reset attacks or even trigger arbitrary user...
8.8CVSS
7.3AI Score
0.007EPSS
An issue was discovered in Typesetter 5.1. The User Permissions page (aka Admin/Users) suffers from critical flaw of Cross Site Request forgery: using a forged HTTP request, a malicious user can lead a user to unknowingly create / delete or modify a user account due to the lack of an anti-CSRF...
8CVSS
6.7AI Score
0.001EPSS