Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Typesettercms Subscribe
Total 11 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-25790 1 Typesettercms 1 Typesetter 2022-11-16 6.5 MEDIUM 7.2 HIGH
** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our security policy" and is being fixed for 5.2.
CVE-2022-25523 1 Typesettercms 1 Typesetter 2022-03-29 6.8 MEDIUM 8.8 HIGH
TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which is exploited via a crafted POST request.
CVE-2020-19511 1 Typesettercms 1 Typesetter 2021-06-24 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scriptiong vulnerability in Typesetter 5.1 via the !1) className and !2) Description fields in index.php/Admin/Classes,
CVE-2020-35126 1 Typesettercms 1 Typesetter 2020-12-14 3.5 LOW 4.8 MEDIUM
** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because "admins are considered trustworthy."
CVE-2019-20077 1 Typesettercms 1 Typesetter 2020-01-09 4.3 MEDIUM 4.3 MEDIUM
The Typesetter CMS 5.1 logout functionality is affected by a CSRF vulnerability. The logout function of the admin panel is not protected by any CSRF tokens. An attacker can logout the user using this vulnerability.
CVE-2018-16626 1 Typesettercms 1 Typesetter 2019-05-13 3.5 LOW 4.8 MEDIUM
index.php/Admin/Classes in Typesetter 5.1 allows XSS via the description of a new class name.
CVE-2018-16625 1 Typesettercms 1 Typesetter 2019-05-13 3.5 LOW 4.8 MEDIUM
index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file with JavaScript in a SCRIPT element.
CVE-2018-16639 1 Typesettercms 1 Typesetter 2019-05-13 3.5 LOW 5.4 MEDIUM
Typesetter 5.1 allows XSS via the index.php/Admin LABEL parameter during new page creation.
CVE-2018-20837 1 Typesettercms 1 Typesetter 2019-05-10 3.5 LOW 4.8 MEDIUM
include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu/Ajax?cmd=AddHidden title XSS.
CVE-2018-6888 1 Typesettercms 1 Typesetter 2018-03-06 6.0 MEDIUM 8.0 HIGH
An issue was discovered in Typesetter 5.1. The User Permissions page (aka Admin/Users) suffers from critical flaw of Cross Site Request forgery: using a forged HTTP request, a malicious user can lead a user to unknowingly create / delete or modify a user account due to the lack of an anti-CSRF token.
CVE-2018-6889 1 Typesettercms 1 Typesetter 2018-03-06 6.5 MEDIUM 8.8 HIGH
An issue was discovered in Typesetter 5.1. It suffers from a Host header injection vulnerability, Using this attack, a malicious user can poison the web cache or perform advanced password reset attacks or even trigger arbitrary user re-direction.