Textpattern CMS Information Disclosure Vulnerability

Textpattern CMS is a Php-based content management system from the Textpattern team. An information disclosure vulnerability exists in Textpattern CMS v4.8.7 and prior versions, which stems from the application transmitting cookies used in HTTPS session transfers in plaintext. An attacker can...

CVE-2021-40642

Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplibmisc.php. The secure flag is not set for txplogin session cookie in the application. If the secure flag is not set, then the cookie will be...

CVE-2021-40642

Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplibmisc.php. The secure flag is not set for txplogin session cookie in the application. If the secure flag is not set, then the cookie will be...

Code injection

Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplibmisc.php. The secure flag is not set for txplogin session cookie in the application. If the secure flag is not set, then the cookie will be...

CVE-2021-40642

Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplibmisc.php. The secure flag is not set for txplogin session cookie in the application. If the secure flag is not set, then the cookie will be...

CVE-2021-40642

CVE-2021-40642 affects Textpattern CMS v4.8.7 and earlier. The issue is a missing Secure attribute on the txp_login session cookie in textpattern/lib/txplib_misc.php, allowing the cookie to be transmitted in clear-text over HTTP within the cookie’s scope. An attacker could induce this by sending ...

Textpattern CMS 安全漏洞

Textpattern CMS is a Php-based content management system from the Textpattern team. An information disclosure vulnerability exists in Textpattern CMS v4.8.7 and prior versions, which stems from the application transmitting cookies used in HTTPS session transfers in plaintext. An attacker can...

PT-2022-11284 · Unknown · Textpattern Cms

Name of the Vulnerable Software and Affected Versions: Textpattern CMS versions 4.8.7 and older Description: The issue exists due to a sensitive cookie in HTTPS sessions without the 'Secure' attribute set, specifically affecting the txp login session cookie in the application via...

Textpattern CMS <= 4.8.7 HTML Injection Vulnerability

Textpattern CMS is prone to a HTML injection vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2021-40658

Textpattern 4.8.7 is affected by a HTML injection vulnerability through “ContentWriteBody”...

CVE-2021-40658

Textpattern 4.8.7 is affected by a HTML injection vulnerability through “ContentWriteBody”...

Design/Logic Flaw

Textpattern 4.8.7 is affected by a HTML injection vulnerability through “ContentWriteBody”...

CVE-2021-40658

Textpattern 4.8.7 is affected by a HTML injection vulnerability through “ContentWriteBody”...

CVE-2021-40658

Textpattern 4.8.7 is affected by a HTML injection vulnerability in the Body field of Content&gt;Write&gt;Body. The vulnerability is described as a HTML injection issue in Textpattern CMS

Textpattern CMS 跨站脚本漏洞

Textpattern CMS is a Php-based content management system from the Textpattern team. A cross-site scripting vulnerability exists in Textpattern CMS version 4.8.7, which stems from the "Body" parameter being vulnerable to HTML injection...

PT-2022-11293 · Unknown · Textpattern

Name of the Vulnerable Software and Affected Versions: Textpattern version 4.8.7 Description: The issue is related to a HTML injection vulnerability. It can be exploited through the "ContentWriteBody" section. Recommendations: For version 4.8.7, consider restricting access to the "ContentWriteBod...

Textpattern CMS < 4.8.8 XSS Vulnerability

Textpattern CMS is prone to a cross-site scripting XSS vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

Textpattern CMS <= 4.8.8 Multiple Vulnerabilities

Textpattern CMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:textpattern:textpattern";...

textpattern cross-site scripting vulnerability (CNVD-2022-34638)

Textpattern CMS is a Php-based content management system from the Textpattern team. textpattern is vulnerable to cross-site scripting, which can be exploited by unauthenticated remote attackers to trigger remote code execution using XSS by uploading a webshell...

CVE-2021-44082

textpattern 4.8.7 is vulnerable to Cross Site Scripting XSS via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload request...