CVE-2008-5757

Textpattern <4.0.6 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in textarea/index.php in Textpattern (aka Txp CMS) 4.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Body parameter in an article action. NOTE: some of these details are obtained from third party information.

References (3)

[Vendor Advisory] http://secunia.com/advisories/28793

[Exploit] http://www.securityfocus.com/bid/27606

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/487483/100/200/threaded

Scores

EPSS 0.0021

EPSS Percentile 43.1%

Classification

CWE

CWE-79

Status published

Affected Products (7)

textpattern/textpattern < 4.0.6

textpattern/textpattern

n/a/n/a

Timeline

Published Dec 30, 2008

Tracked Since Feb 18, 2026