Cross-site scripting (XSS) vulnerability in textarea/index.php in Textpattern (aka Txp CMS) 4.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Body parameter in an article action. NOTE: some of these details are obtained from third party information.
CPE | Name | Operator | Version |
---|---|---|---|
textpattern | eq | 4.0.1 | |
textpattern | eq | 4.0.3 | |
textpattern | le | 4.0.6 | |
textpattern | eq | 4.0.2 | |
textpattern | eq | 4.0.5 | |
textpattern | eq | 4.0.4 |