PT-2021-17708 · Unknown · Textpattern Cms

Published

2021-08-19

·

Updated

2021-08-23

·

CVE-2021-28002

CVSS v3.1

5.4

Medium

Vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Textpattern CMS version 4.9.0
Description: A stored (persistent) cross-site scripting vulnerability was discovered in the Excerpt parameter of Textpattern CMS 4.9.0. A remote attacker holding an account that can submit article data (the vector's PR:L) enters a crafted payload through the URL field; the payload is saved and later executes as arbitrary script or HTML in the browser of any user who visits the 'Articles' page (UI:R, with scope changed to the victim's browser session). The CVSS vector (C:L/I:L/A:N) describes script execution in the victim's browser, not code execution on the server.
Recommendations: No fixed release is named on this page. Until a patched Textpattern CMS build is available, treat the following as workarounds rather than a fix: limit the ability to create or edit articles, and therefore the Excerpt and URL fields, to trusted accounts, since the attacker needs at least a low-privileged account; review existing articles for injected markup in the Excerpt field and remove it; and restrict who can view the 'Articles' page, as that is where the stored payload executes. The underlying cause is Excerpt content being emitted without output encoding, which only the vendor patch addresses.
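The following is an added example, not Textpattern code and not part of the advisory. It shows the shape of the flaw the description reports (an article Excerpt written into the Articles page unescaped) next to the encoded variant, plus the audit a practitioner would run over stored excerpts before a patch is available. It assumes article rows are plain dicts with 'Title' and 'Excerpt' keys, and all sample rows are constructed; the real schema and templates are not taken from this page.

```python
"""Stored-XSS pattern and excerpt audit (added example, not project code).

Assumptions not taken from the advisory: articles are dicts with 'Title'
and 'Excerpt' keys; the vulnerable Articles page interpolates Excerpt
verbatim, the hardened one HTML-escapes it.  Sample rows are constructed.
"""
from __future__ import annotations

import html
from html.parser import HTMLParser

# Tags and attributes that have no business in a stored excerpt.
DANGEROUS_TAGS = {"script", "iframe", "object", "embed", "svg", "math",
                  "base", "meta", "link", "style"}
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href", "data"}
DANGEROUS_SCHEMES = ("javascript:", "data:", "vbscript:")


class _ExcerptScanner(HTMLParser):
    """Collects XSS indicators from one fragment of stored HTML."""

    def __init__(self) -> None:
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in DANGEROUS_TAGS:
            self.findings.append(f"tag:{tag}")
        for name, value in attrs:          # HTMLParser lower-cases names
            if name.startswith("on"):      # onload=, onerror=, ...
                self.findings.append(f"handler:{name}")
            elif name in URL_ATTRS and value:
                # Browsers ignore whitespace inside the scheme ("java\nscript:"),
                # so normalise before matching or the check is trivially bypassed.
                norm = "".join(value.split()).lower()
                if norm.startswith(DANGEROUS_SCHEMES):
                    self.findings.append(f"url:{name}")

    # <svg onload=... /> arrives as a self-closing tag; treat it the same way.
    handle_startendtag = handle_starttag


def scan_excerpt(excerpt: str) -> list[str]:
    """Return the XSS indicators found in one stored Excerpt value."""
    scanner = _ExcerptScanner()
    scanner.feed(excerpt)
    scanner.close()
    return scanner.findings


def audit_articles(rows) -> list[tuple[str, list[str]]]:
    """Return (Title, findings) for every row whose Excerpt looks injected."""
    hits = []
    for row in rows:
        findings = scan_excerpt(row["Excerpt"])
        if findings:
            hits.append((row["Title"], findings))
    return hits


def render_articles_vulnerable(rows) -> str:
    """The flaw's shape: Excerpt is written into the page without encoding."""
    return "<ul>" + "".join(
        f"<li>{r['Title']}: {r['Excerpt']}</li>" for r in rows) + "</ul>"


def render_articles_hardened(rows) -> str:
    """Same listing with HTML-context output encoding applied to both fields."""
    return "<ul>" + "".join(
        f"<li>{html.escape(r['Title'])}: {html.escape(r['Excerpt'])}</li>"
        for r in rows) + "</ul>"


# Constructed sample rows, not real article data.
SAMPLE_ROWS = [
    {"Title": "Benign", "Excerpt": "Plain <em>emphasis</em> text"},
    {"Title": "Script", "Excerpt": "<script>alert(document.cookie)</script>"},
    {"Title": "Handler", "Excerpt": '<img src=x onerror="alert(1)">'},
    {"Title": "Link", "Excerpt": '<a href="JAVA\nSCRIPT:alert(1)">read more</a>'},
]

if __name__ == "__main__":
    for title, findings in audit_articles(SAMPLE_ROWS):
        print(f"{title}: {', '.join(findings)}")
    print(render_articles_hardened(SAMPLE_ROWS))
```

Two caveats on the design. The scanner uses Python's lenient HTML parser, not a browser, so it is a triage aid for finding already-injected excerpts, not proof of absence; the hardened renderer encodes everything, which is correct when excerpts are plain text but would also neutralise legitimate markup, so a site that must keep formatted excerpts needs an allow-list sanitiser at render time instead of plain escaping.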

Exploit

Fix

RCE

XSS


Weakness Enumeration

Related Identifiers

CVE-2021-28002

Affected Products

Textpattern Cms