CVE-2008-5757

Cross-site scripting XSS vulnerability in textarea/index.php in Textpattern aka Txp CMS 4.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Body parameter in an article action. NOTE: some of these details are obtained from third party information...

CVE-2008-5757

Cross-site scripting XSS vulnerability in textarea/index.php in Textpattern aka Txp CMS 4.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Body parameter in an article action. NOTE: some of these details are obtained from third party information...

CVE-2008-5757

Textpattern (Txp CMS) 4.0.6 and earlier is affected by a cross-site scripting (XSS) vulnerability in textarea/index.php. The issue allows remote authenticated users to inject arbitrary web script or HTML via the Body parameter in an article action. The vulnerability is triggered through Form/body...

CVE-2008-5669

index.php in the comments preview section in Textpattern aka Txp CMS 4.0.5 allows remote attackers to cause a denial of service via a long message parameter...

CVE-2008-5670

Textpattern aka Txp CMS 4.0.5 does not ask for the old password during a password reset, which makes it easier for remote attackers to change a password after hijacking a session...

CVE-2008-5668

Multiple cross-site scripting XSS vulnerabilities in Textpattern aka Txp CMS 4.0.5 allow remote attackers to inject arbitrary web script or HTML via 1 the PATHINFO to setup/index.php or 2 the name parameter to index.php in the comments preview section...

CVE-2008-5669

index.php in the comments preview section in Textpattern aka Txp CMS 4.0.5 allows remote attackers to cause a denial of service via a long message parameter...

Default credentials

Textpattern aka Txp CMS 4.0.5 does not ask for the old password during a password reset, which makes it easier for remote attackers to change a password after hijacking a session...

Code injection

index.php in the comments preview section in Textpattern aka Txp CMS 4.0.5 allows remote attackers to cause a denial of service via a long message parameter...

CVE-2008-5668

Multiple cross-site scripting XSS vulnerabilities in Textpattern aka Txp CMS 4.0.5 allow remote attackers to inject arbitrary web script or HTML via 1 the PATHINFO to setup/index.php or 2 the name parameter to index.php in the comments preview section...

CVE-2008-5670

Textpattern aka Txp CMS 4.0.5 does not ask for the old password during a password reset, which makes it easier for remote attackers to change a password after hijacking a session...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Textpattern aka Txp CMS 4.0.5 allow remote attackers to inject arbitrary web script or HTML via 1 the PATHINFO to setup/index.php or 2 the name parameter to index.php in the comments preview section...

CVE-2008-5669

index.php in the comments preview section in Textpattern aka Txp CMS 4.0.5 allows remote attackers to cause a denial of service via a long message parameter...

CVE-2008-5668

Textpattern (Txp CMS) 4.0.5 is affected by multiple XSS vulnerabilities. The issues allow remote attackers to inject arbitrary scripts or HTML via (1) PATH_INFO to setup/index.php and (2) the name parameter to index.php in the comments preview section. This CVE (CVE-2008-5668) is documented acros...

CVE-2008-5670

Textpattern (Txp CMS) 4.0.5 is affected by a vulnerability in the password reset workflow: it does not require the old password, enabling a password change after session hijacking. This is documented across multiple sources (NVD/NVD-derived entries). Impact described as allowing remote attackers ...

CVE-2008-5670

Textpattern aka Txp CMS 4.0.5 does not ask for the old password during a password reset, which makes it easier for remote attackers to change a password after hijacking a session...

CVE-2008-5669

CVE-2008-5669 affects Textpattern (Txp CMS) 4.0.5. The vulnerability lies in index.php used by the comments preview section, where a long message parameter can be sent by an attacker to trigger a denial of service. The available connected documents confirm the affected product/version and the att...

CVE-2008-5668

Multiple cross-site scripting XSS vulnerabilities in Textpattern aka Txp CMS 4.0.5 allow remote attackers to inject arbitrary web script or HTML via 1 the PATHINFO to setup/index.php or 2 the name parameter to index.php in the comments preview section...

[DSECRG-08-008] Textpattern 4.0.5 Multiple Security Vulnerabilities

Digital Security Research Group DSecRG Advisory DSECRG-08-008 Application: Txp CMS Versions Affected: 4.0.5 Vendor URL: http://www.textpattern.com Bugs: DOS, multiple XSS, etc. Exploits: YES Reported: 11.01.2008 Vendor response: 14.01.2008 Patch Released: 03.02.2008 Date of Public Advisory:...

DSECRG-08-008.txt

Digital Security Research Group DSecRG Advisory DSECRG-08-008 Application: Txp CMS Versions Affected: 4.0.5 Vendor URL: http://www.textpattern.com Bugs: DOS, multiple XSS, etc. Exploits: YES Reported: 11.01.2008 Vendor response: 14.01.2008 Patch Released: 03.02.2008 Date of Public Advisory:...