CVE-2008-5757
Publication date 30 December 2008
Last updated 24 July 2024
Ubuntu priority
Cross-site scripting (XSS) vulnerability in textarea/index.php in Textpattern (aka Txp CMS) 4.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Body parameter in an article action. NOTE: some of these details are obtained from third party information.
Notes
sbeattie
despite what the CVE entry says, according to http://www.securityfocus.com/archive/1/archive/1/487483/100/200/threaded and http://textpattern.googlecode.com/svn/releases/4.2.0/source/HISTORY.txt this was fixed in 4.0.6