A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting the 'Articles' page.
References
Link | Resource |
---|---|
https://www.exploit-db.com/exploits/49617 | Exploit Third Party Advisory VDB Entry |
https://www.linkedin.com/in/tushar-vaidya-2111s5/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-08-19T13:50:17
Updated: 2021-08-19T13:50:17
Reserved: 2021-03-05T00:00:00
Link: CVE-2021-28002
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-08-19T14:39:31.757
Modified: 2021-08-23T15:02:01.163
Link: CVE-2021-28002
JSON object: View
Redhat Information
No data.
CWE