Show filters
2 Total Results
Displaying 1-2 of 2
Sort by:
Attacker Value
Unknown

CVE-2021-40658

Disclosure Date: June 14, 2022 (last updated February 23, 2025)
Textpattern 4.8.7 is affected by a HTML injection vulnerability through “Content>Write>Body”.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-44082

Disclosure Date: March 29, 2022 (last updated February 23, 2025)
textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload request.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0