Typecho
CVE-2023-27130
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via an arbitrarily supplied URL parameter.
AnalysisAI
Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via an arbitrarily supplied URL parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via an arbitrarily supplied URL parameter. Affected products include: Typecho.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
typecho 1.1/17.10.30 was discovered to contain a remote code execution (RCE) vulnerability via install.php. Rated critic
Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF.
A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute arbitrary web scripts or
A File Upload vulnerability in typecho v.1.2.1 allows a remote attacker to execute arbitrary code via the upload and opt
Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the component /index.php/action/xml
Typecho v1.3.0 was discovered to contain a race condition vulnerability in the post commenting function. Rated medium se
In admin/write-post.php in Typecho through 1.1, one can log in to the background page, write a new article, and add payl
A cross-site scripting (XSS) vulnerability in Typecho v1.2.1 allows attackers to execute arbitrary web scripts or HTML v
A stored cross-site scripting (XSS) vulnerability in Typecho v1.2.0 allows attackers to execute arbitrary web scripts or
Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP
A vulnerability, which was classified as problematic, has been found in Typecho 1.2.1. Rated medium severity (CVSS 5.3),
A vulnerability classified as problematic has been found in Typecho 1.2.1. Rated medium severity (CVSS 4.8), this vulner
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today