349 matches found
CVE-2021-44082
textpattern 4.8.7 is vulnerable to Cross Site Scripting XSS via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload request...
Cross site scripting
textpattern 4.8.7 is vulnerable to Cross Site Scripting XSS via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload request...
CVE-2021-44082
textpattern 4.8.7 is vulnerable to Cross Site Scripting XSS via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload request...
CVE-2021-44082
Textpattern CMS 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A remote, unauthenticated attacker can use this to trigger remote code execution by uploading a webshell after stealing a CSRF token.
Textpattern CMS 跨站脚本漏洞
Textpattern CMS is a Php-based content management system from the Textpattern team. textpattern is vulnerable to cross-site scripting, which can be exploited by unauthenticated remote attackers to trigger remote code execution using XSS by uploading a webshell...
TextPattern CMS 4.8.7 Shell Upload
Exploit Title: TextPattern CMS 4.8.7 - Remote Command Execution RCE Authenticated Date: 2021/09/06 Exploit Author: Mert Daş [email protected] Software Link: https://textpattern.com/filedownload/113/textpattern-4.8.7.zip Software web: https://textpattern.com/ Tested on: Server: Xampp First of...
TextPattern CMS 4.8.7 - Remote Command Execution (RCE) (Authenticated)
Exploit Title: TextPattern CMS 4.8.7 - Remote Command Execution RCE Authenticated Date: 2021/09/06 Exploit Author: Mert Daş [email protected] Software Link: https://textpattern.com/filedownload/113/textpattern-4.8.7.zip Software web: https://textpattern.com/ Tested on: Server: Xampp First of...
TextPattern CMS 4.8.7 - Remote Command Execution Vulnerability
Exploit Title: TextPattern CMS 4.8.7 - Remote Command Execution RCE Authenticated Exploit Author: Mert Daş email protected Software Link: https://textpattern.com/filedownload/113/textpattern-4.8.7.zip Software web: https://textpattern.com/ Tested on: Server: Xampp First of all we should use file...
Textpattern CMS 4.8.3 Remote Code Execution Exploit
Exploit Title: Textpattern = 4.8.3 Remote code execution Authenticated Exploit Author: Ricardo Ruiz @ricardojoserf Vendor Homepage: https://textpattern.com/ Software Link: https://textpattern.com/start Version: Previous to 4.8.3 Tested on: CentOS, textpattern 4.5.7 and 4.6.0 Install dependencies:...
CVE-2021-28001
A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting...
CVE-2021-28002
A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting the 'Articles' page...
CVE-2021-28001
A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting...
CVE-2021-28002
A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting the 'Articles' page...
Cross site scripting
A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting...
Cross site scripting
A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting the 'Articles' page...
CVE-2021-28002
A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting the 'Articles' page...
CVE-2021-28002
CVE-2021-28002 affects Textpattern CMS (version around 4.9.0) where the Excerpt parameter is vulnerable to persistent cross-site scripting. The issue is triggered when users visit the Articles page and a crafted payload in the URL field can allow an attacker to execute arbitrary code in the conte...
CVE-2021-28001
A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting...
CVE-2021-28001
Textpattern CMS 4.8.4 contains a reflected cross‑site scripting vulnerability in the Comments parameter, allowing arbitrary code execution via a crafted payload in the URL field (triggered by visiting https://site.com/articles/welcome-to-your-site#comments-head). The connected documents confirm t...
Textpattern Cms 跨站脚本漏洞
Textpattern Cms is a Php-based content management system from the Textpattern team. Textpattern CMS suffers from a cross-site scripting vulnerability that stems from a persistent cross-site scripting vulnerability found in the excerpt parameters of Textpattern CMS 4.9.0. An attacker could exploit...