Typesetter Security Vulnerabilities


CVE-2022-25523

TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which is exploited via a crafted POST...

8.8 CVSS

8.7 AI Score

0.002 EPSS

2022-03-25 09:15 PM

CVE-2020-19511

Cross-Site Scripting vulnerability in Typesetter 5.1 via the (1) className and (2) Description fields in...

6.1 CVSS

7.4 AI Score

0.001 EPSS

2021-06-21 07:15 PM

CVE-2020-35126

Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because "admins are considered...

4.8 CVSS

4.9 AI Score

0.001 EPSS

2020-12-11 04:15 AM

CVE-2020-25790

Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our security policy" and is being...

7.2 CVSS

7.4 AI Score

0.116 EPSS

2020-09-19 09:15 PM

CVE-2019-20077

The Typesetter CMS 5.1 logout functionality is affected by a CSRF vulnerability. The logout function of the admin panel is not protected by any CSRF tokens. An attacker can log out the user using this...

4.3 CVSS

7.4 AI Score

0.001 EPSS

2020-01-05 11:15 PM

CVE-2018-16639

Typesetter 5.1 allows XSS via the index.php/Admin LABEL parameter during new page...

5.4 CVSS

6.2 AI Score

0.001 EPSS

2019-05-13 01:29 PM

CVE-2018-16625

index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file with JavaScript in a SCRIPT...

4.8 CVSS

6.2 AI Score

0.001 EPSS

2019-05-13 01:29 PM

CVE-2018-16626

index.php/Admin/Classes in Typesetter 5.1 allows XSS via the description of a new class...

4.8 CVSS

6.2 AI Score

0.001 EPSS

2019-05-13 01:29 PM

CVE-2018-20837

include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu/Ajax?cmd=AddHidden title...

4.8 CVSS

7.4 AI Score

0.001 EPSS

2019-05-09 10:29 PM

CVE-2018-6889

An issue was discovered in Typesetter 5.1. It suffers from a Host header injection vulnerability. Using this attack, a malicious user can poison the web cache or perform advanced password reset attacks or even trigger arbitrary user...

8.8 CVSS

7.3 AI Score

0.007 EPSS

2018-02-12 03:29 AM

CVE-2018-6888

An issue was discovered in Typesetter 5.1. The User Permissions page (aka Admin/Users) suffers from a critical Cross-Site Request Forgery flaw: using a forged HTTP request, a malicious user can lead a user to unknowingly create, delete, or modify a user account due to the lack of an anti-CSRF...

8 CVSS

6.7 AI Score

0.001 EPSS

2018-02-12 03:29 AM