154 matches found
CVE-2021-28001
A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting...
Cross site scripting
A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting...
Cross site scripting
A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting the 'Articles' page...
CVE-2021-28002
CVE-2021-28002 affects Textpattern CMS (version around 4.9.0) where the Excerpt parameter is vulnerable to persistent cross-site scripting. The issue is triggered when users visit the Articles page and a crafted payload in the URL field can allow an attacker to execute arbitrary code in the conte...
CVE-2021-28002
A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting the 'Articles' page...
CVE-2021-28001
A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting...
CVE-2021-28001
Textpattern CMS 4.8.4 contains a reflected cross‑site scripting vulnerability in the Comments parameter, allowing arbitrary code execution via a crafted payload in the URL field (triggered by visiting https://site.com/articles/welcome-to-your-site#comments-head). The connected documents confirm t...
Textpattern CMS <= 4.8.8 CSRF Vulnerability
Textpattern CMS is prone to a cross-site request forgery CSRF vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...
CVE-2020-23239
Cross Site Scripting XSS vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature...
CVE-2020-23239
Cross Site Scripting XSS vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature...
Cross site scripting
Cross Site Scripting XSS vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature...
CVE-2020-23239
CVE-2020-23239 affects Textpattern CMS 4.8.1, with a cross-site scripting (XSS) flaw in the Menu Preferences Custom field. The vulnerability is described as enabling XSS via the Custom field in Menu Preferences. A related open-source/vuln source notes a vulnerability class for Textpattern CMS
CVE-2020-23239
Cross Site Scripting XSS vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature...
Textpattern CMS Detection (HTTP)
HTTP based detection of Textpattern CMS. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.146229";...
Textpattern CMS suffers from a file upload vulnerability (CNVD-2021-51401)
Textpattern CMS is a free open source content management system based on PHP and MySQL. A file upload vulnerability exists in Textpattern CMS version 4.8.7, which can be exploited by an attacker to gain control of the server...
TextPattern CMS 4.9.0-dev - Remote Command Execution (Authenticated) Exploit
Exploit Title: TextPattern CMS 4.9.0-dev - Remote Command Execution RCE Authenticated Exploit Author: Mevlüt Akçam Software Link: https://github.com/textpattern/textpattern Vendor Homepage: https://textpattern.com/ Version: 4.9.0-dev Tested on: 20.04.1-Ubuntu !/usr/bin/python3 import requests fro...
TextPattern CMS 4.9.0-dev - Remote Command Execution (RCE) (Authenticated)
Exploit Title: TextPattern CMS 4.9.0-dev - Remote Command Execution RCE Authenticated Date: 07/04/2021 Exploit Author: Mevlüt Akçam Software Link: https://github.com/textpattern/textpattern Vendor Homepage: https://textpattern.com/ Version: 4.9.0-dev Tested on: 20.04.1-Ubuntu !/usr/bin/python3...
TextPattern CMS 4.9.0-dev Remote Command Execution
Exploit Title: TextPattern CMS 4.9.0-dev - Remote Command Execution RCE Authenticated Date: 07/04/2021 Exploit Author: Mevlüt Akçam Software Link: https://github.com/textpattern/textpattern Vendor Homepage: https://textpattern.com/ Version: 4.9.0-dev Tested on: 20.04.1-Ubuntu !/usr/bin/python3...
File Upload Vulnerability in Textpattern CMS
Textpattern CMS is a free open source content management system based on PHP and MySQL. Textpattern CMS suffers from a file upload vulnerability that can be exploited by an attacker to gain control of the server...
TextPattern CMS 4.8.7 - Remote Command Execution (Authenticated) Vulnerability
Exploit Title : TextPattern CMS 4.8.7 - Remote Command Execution Authenticated Exploit Author : Mert Daş email protected Software Link : https://textpattern.com/filedownload/113/textpattern-4.8.7.zip Software web : https://textpattern.com/ Tested on: Server : Xampp First of all we should use file...