Paul Ritchie

**Name of the Vulnerable Software and Affected Versions** textpattern version 4.8.7 **Description** The issue allows a remote and unauthenticated attacker to trigger remote code execution by uploading a webshell via Cross Site Scripting (XSS) in the "/textpattern/index.php" endpoint, specifically in the `Body` parameter. To exploit this, the attacker must first steal the CSRF token before submitting a file upload request. **Recommendations** For textpattern version 4.8.7, as a temporary workaround, consider disabling the file upload feature in the "/textpattern/index.php" endpoint until a patch is available. Restrict access to the `Body` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.