CVE-2014-4737

Опубликовано: 10 окт. 2014

Источник: debian

Описание

Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
textpattern	removed			package
textpattern	no-dsa		squeeze	package

Примечания

https://github.com/textpattern/textpattern/commit/1206c7d84949a58cd0a2bc4a91ee53a0c8d4daf6
is likely the commit fixing the issue. But it does more than the
strict minimum.

Связанные уязвимости

CVE-2014-4737

ubuntu

больше 11 лет назад

Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php.

CVE-2014-4737

nvd

больше 11 лет назад

Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php.

GHSA-8g9m-gx79-xjrc

github

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php.