Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Typesetter
(Typesettercms)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 11 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-09-19 | CVE-2020-25790 | Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our security policy" and is being fixed for 5.2 | Typesetter | 7.2 | ||
| 2020-12-11 | CVE-2020-35126 | Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because "admins are considered trustworthy. | Typesetter | 4.8 | ||
| 2021-06-21 | CVE-2020-19511 | Cross Site Scriptiong vulnerability in Typesetter 5.1 via the !1) className and !2) Description fields in index.php/Admin/Classes, | Typesetter | 6.1 | ||
| 2022-03-25 | CVE-2022-25523 | TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which is exploited via a crafted POST request. | Typesetter | 8.8 | ||
| 2020-01-05 | CVE-2019-20077 | The Typesetter CMS 5.1 logout functionality is affected by a CSRF vulnerability. The logout function of the admin panel is not protected by any CSRF tokens. An attacker can logout the user using this vulnerability. | Typesetter | N/A | ||
| 2019-05-13 | CVE-2018-16639 | Typesetter 5.1 allows XSS via the index.php/Admin LABEL parameter during new page creation. | Typesetter | 5.4 | ||
| 2019-05-13 | CVE-2018-16626 | index.php/Admin/Classes in Typesetter 5.1 allows XSS via the description of a new class name. | Typesetter | 4.8 | ||
| 2019-05-13 | CVE-2018-16625 | index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file with JavaScript in a SCRIPT element. | Typesetter | 4.8 | ||
| 2019-05-09 | CVE-2018-20837 | include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu/Ajax?cmd=AddHidden title XSS. | Typesetter | 4.8 | ||
| 2018-02-12 | CVE-2018-6889 | An issue was discovered in Typesetter 5.1. It suffers from a Host header injection vulnerability, Using this attack, a malicious user can poison the web cache or perform advanced password reset attacks or even trigger arbitrary user re-direction. | Typesetter | 8.8 |