CVE-2023-53911

MEDIUM

Textpattern CMS 4.8.8 - Authenticated Stored Cross-Site Scripting in Article Excerpt Field

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-53911. PoCs published by tmrswrr.

AI-analyzed exploit summary: This exploit demonstrates a stored XSS vulnerability in Textpattern CMS v4.8.8 by injecting a malicious script into the 'Excerpt' field of an article, which executes when the article is viewed. The payload is delivered via a multipart/form-data POST request to the admin interface.

Description

Textpattern CMS 4.8.8 contains a stored cross-site scripting vulnerability in the article excerpt field that allows authenticated users to inject malicious scripts. Attackers can insert JavaScript payloads into the excerpt, which will execute when the article is viewed by other users.

Exploits (1)

exploitdb WORKING POC
by tmrswrr · text · webapps · php
https://www.exploit-db.com/exploits/51523

Classification: Working PoC 95%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Textpattern CMS v4.8.8
Auth required
Prerequisites: Authenticated access to the Textpattern CMS admin panel · Permission to edit articles
devstral-2 · analyzed Feb 18, 2026

References (3)

Core References
Exploit, Third Party Advisory, VDB Entry exploit
https://www.exploit-db.com/exploits/51523
Product product
https://textpattern.com/

Scores

CVSS v3 5.4
EPSS 0.0026
EPSS Percentile 16.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE CWE-79
Status published
Products (2)
textpattern/textpattern 4.8.8
Tmrswrr/Textpattern CMS 4.8.8
Published Dec 17, 2025
Tracked Since Feb 18, 2026