Primary

Context

Textpattern CMS Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in Textpattern CMS version 4.8.8. This issue resides in the article excerpt field, allowing authenticated users to inject malicious JavaScript scripts. The injected scripts execute when the article is viewed by other users.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the article.

Reproduction

To reproduce this vulnerability, log into an account with access to the admin panel. Navigate to the 'Content' section and select 'Articles'. Open an article for editing and locate the 'Excerpt' field. Insert a script payload, such as a JavaScript alert, into the excerpt. Save the article and then view it on the site. The script will execute, demonstrating the cross-site scripting vulnerability.

Added: Dec 17, 2025, 11:44 PM

Updated: Dec 17, 2025, 11:44 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

1.7

exploitability

6.5

remediation

0.0

relevance

1.4

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

1.7

exploitability

6.5

remediation

0.0

relevance

1.4

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Textpattern CMS Stored Cross-Site Scripting Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

Textpattern CMS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating