Description
textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload request.
References
- Exploit, Third Party Advisory
- Not Applicable
- Third Party Advisory
- Exploit, Third Party Advisory
- Not Applicable
- Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:textpattern:textpattern:4.8.7:*:*:*:*:*:*:*
EPSS: 0.03477 (Low)
Percentile: 87%
CVSS3: 8.3 High
CVSS2: 5.1 Medium
Weaknesses
CWE-79
Related vulnerabilities
CVSS3: 8.3
debian
almost 4 years ago
textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /tex ...
CVSS3: 8.3
github
almost 4 years ago
textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload request.