
349 matches found

Cvelist
added 2026/03/20 3:42 p.m. | 21 views

CVE-2026-32986 Textpattern CMS 4.9.0: Second-Order XSS via Atom Feed Injection

Textpattern CMS version 4.9.0 contains a second-order cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting improper sanitization of user-supplied input in Atom feed XML elements. Attackers can embed unescaped payloads in parameters such as category th...

CVSS 6.1 | EPSS 0.00047
Exploits: 1 | References: 2

CVE
added 2026/03/20 3:42 p.m. | 4 views

CVE-2026-32986

Textpattern CMS 4.9.0 is affected by a Second-Order XSS in Atom feed handling. User-controlled parameters (e.g., category) can be reflected into Atom fields like and without proper XML escaping, and the payload may execute when the feed is consumed by HTML-based readers or CMS aggregators that ...

CVSS 6.1 | AI score 5.7 | EPSS 0.00047
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2026/03/20 12:0 a.m. | 2 views

Textpattern CMS security vulnerability

Textpattern CMS is a content management system based on PHP developed by the Textpattern team. Version 4.9.0 of Textpattern CMS has a security vulnerability, which stems from improper user input handling in the Atom feed XML elements. This vulnerability could lead to second-degree cross-site...

CVSS 6.1 | AI score 5.6 | EPSS 0.00047
Exploits: 1 | References: 2

Positive Technologies
added 2026/03/20 12:0 a.m. | 2 views

PT-2026-26626

Textpattern CMS version 4.9.0 contains a second-order cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting improper sanitization of user-supplied input in Atom feed XML elements. Attackers can embed unescaped payloads in parameters such as category th...

CVSS 6.1 | AI score 5.7 | EPSS 0.00047
Exploits: 1 | References: 6

Packet Storm
added 2026/02/26 12:0 a.m. | 93 views

📄 Textpattern 4.9.0 Cross Site Scripting

Textpattern version 4.9.0 suffers from a cross site scripting vulnerability. Title: Textpattern 4.9.0 Second-Order XSS via Atom Feed Injection | Autho...

AI score 5
Exploits: 0

NVD
added 2026/01/23 5:15 p.m. | 2 views

CVE-2021-47888

Textpattern versions prior to 4.8.3 contain an authenticated remote code execution vulnerability that allows logged-in users to upload malicious PHP files. Attackers can upload a PHP file with a shell command execution payload and execute arbitrary commands by accessing the uploaded file through ...

CVSS 8.8 | EPSS 0.00677
Exploits: 0 | References: 4

ATTACKERKB
added 2026/01/23 4:47 p.m. | 1 view

CVE-2021-47888

Textpattern versions prior to 4.8.3 contain an authenticated remote code execution vulnerability that allows logged-in users to upload malicious PHP files. Attackers can upload a PHP file with a shell command execution payload and execute arbitrary commands by accessing the uploaded file through ...

CVSS 8.8 | AI score 6.6 | EPSS 0.00677
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2026/01/23 4:47 p.m. | 4 views

CVE-2021-47888

Textpattern versions prior to 4.8.3 are affected by an authenticated remote code execution vulnerability. Logged-in users can upload a malicious PHP file and execute commands by accessing the uploaded file via a specific URL parameter. Affected product: Textpattern; root cause is arbitrary PHP up...

CVSS 8.8 | AI score 6.8 | EPSS 0.00677
Exploits: 0 | References: 4

Cvelist
added 2026/01/23 4:47 p.m. | 28 views

CVE-2021-47888 Textpattern 4.8.3 - Remote code execution

Textpattern versions prior to 4.8.3 contain an authenticated remote code execution vulnerability that allows logged-in users to upload malicious PHP files. Attackers can upload a PHP file with a shell command execution payload and execute arbitrary commands by accessing the uploaded file through ...

CVSS 8.8 | EPSS 0.00677
Exploits: 0 | References: 4

Vulnrichment
added 2026/01/23 4:47 p.m. | 2 views

CVE-2021-47888 Textpattern 4.8.3 - Remote code execution

Textpattern versions prior to 4.8.3 contain an authenticated remote code execution vulnerability that allows logged-in users to upload malicious PHP files. Attackers can upload a PHP file with a shell command execution payload and execute arbitrary commands by accessing the uploaded file through ...

CVSS 8.8 | AI score 6.8 | EPSS 0.00677
Exploits: 0 | References: 4

Positive Technologies
added 2026/01/23 12:0 a.m. | 3 views

PT-2026-4504

Name of the Vulnerable Software and Affected Versions Textpattern versions prior to 4.8.3 Description Textpattern allows authenticated users to upload malicious PHP files, leading to remote code execution. An attacker can upload a PHP file containing a shell command execution payload and then...

CVSS 8.8 | AI score 6.5 | EPSS 0.00677
Exploits: 0 | References: 6

CNNVD
added 2026/01/23 12:0 a.m. | 2 views

Textpattern security vulnerabilities

Textpattern is a simple yet beautiful blog engine developed by the Textpattern team. Versions of Textpattern prior to 4.8.3 contained security vulnerabilities; these vulnerabilities stemmed from the ability to upload malicious PHP files, which could lead to remote code execution...

CVSS 8.8 | AI score 6.2 | EPSS 0.00677
Exploits: 0 | References: 4

RedhatCVE
added 2026/01/09 11:25 a.m. | 3 views

CVE-2021-28002

A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting the 'Articles' page...

CVSS 5.4 | AI score 7.1 | EPSS 0.00228
Exploits: 1 | References: 1

Packet Storm
added 2025/12/23 12:0 a.m. | 133 views

📄 Textpattern 4.9.0 Cross Site Scripting

Textpattern CMS version 4.9.0 contains a persistent cross site scripting vulnerability in the administrative interface. The vulnerability allows authenticated attackers with administrative privileges to inject malicious JavaScript payloads into site preferences under the Site URL field, which is...

AI score 6.1
Exploits: 0

RedhatCVE
added 2025/12/18 11:36 p.m. | 2 views

CVE-2023-53911

Textpattern CMS 4.8.8 contains a stored cross-site scripting vulnerability in the article excerpt field that allows authenticated users to inject malicious scripts. Attackers can insert JavaScript payloads into the excerpt, which will execute when the article is viewed by other users...

CVSS 5.4 | AI score 6.1 | EPSS 0.00024
Exploits: 1 | References: 1

EUVD
added 2025/12/18 12:34 a.m. | 1 view

EUVD-2023-60219

Textpattern CMS 4.8.8 contains a stored cross-site scripting vulnerability in the article excerpt field that allows authenticated users to inject malicious scripts. Attackers can insert JavaScript payloads into the excerpt, which will execute when the article is viewed by other users...

CVSS 5.1 | AI score 5.6 | EPSS 0.00024
Exploits: 1 | References: 4

NVD
added 2025/12/17 11:15 p.m. | 1 view

CVE-2023-53911

Textpattern CMS 4.8.8 contains a stored cross-site scripting vulnerability in the article excerpt field that allows authenticated users to inject malicious scripts. Attackers can insert JavaScript payloads into the excerpt, which will execute when the article is viewed by other users...

CVSS 5.4 | EPSS 0.00024
Exploits: 1 | References: 3

OSV
added 2025/12/17 11:15 p.m. | 1 view

CVE-2023-53911

Textpattern CMS 4.8.8 contains a stored cross-site scripting vulnerability in the article excerpt field that allows authenticated users to inject malicious scripts. Attackers can insert JavaScript payloads into the excerpt, which will execute when the article is viewed by other users...

CVSS 5.4 | AI score 6
Exploits: 0 | References: 3

Cvelist
added 2025/12/17 10:44 p.m. | 17 views

CVE-2023-53911 Textpattern CMS 4.8.8 Authenticated Stored Cross-Site Scripting via Article Excerpt

Textpattern CMS 4.8.8 contains a stored cross-site scripting vulnerability in the article excerpt field that allows authenticated users to inject malicious scripts. Attackers can insert JavaScript payloads into the excerpt, which will execute when the article is viewed by other users...

CVSS 5.4 | EPSS 0.00024
Exploits: 1 | References: 3

CVE
added 2025/12/17 10:44 p.m. | 4 views

CVE-2023-53911

Summary: CVE-2023-53911 affects Textpattern CMS 4.8.8 with a stored XSS in the article excerpt field. Affected component: article excerpt handling (Textpattern CMS). Root cause / vector: authenticated users can inject JavaScript payloads into the excerpt, which executes when other users view the ...

CVSS 5.4 | AI score 5.7 | EPSS 0.00024
Exploits: 1 | References: 3 | Affected Software: 1