Cross-Site Scripting Vulnerability in Textpattern by Textpattern
CVE-2021-44082

8.3HIGH

Key Information:

Vendor

Textpattern

Status
Textpattern
Vendor
CVE Published:
29 March 2022

What is CVE-2021-44082?

Textpattern version 4.8.7 contains a vulnerability that allows unauthenticated attackers to exploit Cross-Site Scripting (XSS). By accessing the /textpattern/index.php endpoint, an attacker can steal the CSRF token needed for malicious file uploads. This weakness could lead to remote code execution if a webshell is uploaded, compromising the integrity and security of affected systems. Precautionary measures should be taken to safeguard against these types of vulnerabilities.

References

https://www.pentest.co.uk
x_refsource_MISC
https://www.cornerpirate.com
x_refsource_MISC
https://pentest.co.uk/labs/leveraging-xss-to-get-rce-in-t...
x_refsource_MISC

CVSS V3.1

Score:
8.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.