CVE-2008-5757

Cross-site scripting XSS vulnerability in textarea/index.php in Textpattern aka Txp CMS 4.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Body parameter in an article action. NOTE: some of these details are obtained from third party information...

CVE-2008-5757

Textpattern (Txp CMS) 4.0.6 and earlier is affected by a cross-site scripting (XSS) vulnerability in textarea/index.php. The issue allows remote authenticated users to inject arbitrary web script or HTML via the Body parameter in an article action. The vulnerability is triggered through Form/body...

CVE-2008-5670

Textpattern (Txp CMS) 4.0.5 is affected by a vulnerability in the password reset workflow: it does not require the old password, enabling a password change after session hijacking. This is documented across multiple sources (NVD/NVD-derived entries). Impact described as allowing remote attackers ...

CVE-2008-5669

CVE-2008-5669 affects Textpattern (Txp CMS) 4.0.5. The vulnerability lies in index.php used by the comments preview section, where a long message parameter can be sent by an attacker to trigger a denial of service. The available connected documents confirm the affected product/version and the att...