Cross-Site Scripting Vulnerability in Textpattern CMS by Textpattern
CVE-2011-5019

Currently unrated

Key Information:

Vendor: Textpattern
Status: Textpattern
Vendor: CVE Published:; 5 January 2012

🔔 Create Textpattern Vulnerability Alert

What is CVE-2011-5019?

An XSS vulnerability exists in the setup/index.php file of Textpattern CMS 4.4.1 when the system is not completely installed. This flaw allows remote attackers to exploit the ddb parameter, injecting arbitrary web scripts or HTML. Such vulnerabilities can lead to unauthorized actions on behalf of users and expose sensitive information. Proper installation and security measures are critical in mitigating these risks.

References

http://www.securityfocus.com/bid/51254

vdb-entryx_refsource_BID

http://archives.neohapsis.com/archives/bugtraq/2012-01/00...

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/72102

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 5, 2012
Vulnerability Reserved
Dec 27, 2011

CVE-2011-5019 Data

JSON