CVE-2021-44082

textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload request.

CVSS v3 8.3 HIGH
CVSS v2.0 5.1 MEDIUM

8.3^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.6 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

5.1^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://pentest.co.uk/labs/leveraging-xss-to-get-rce-in-textpattern/	Exploit Third Party Advisory
https://www.cornerpirate.com	Not Applicable
https://www.pentest.co.uk	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:textpattern:textpattern:4.8.7:*:*:*:*:*:*:*

History

06 Apr 2022, 18:41

Type	Values Removed	Values Added
CWE		CWE-79
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 5.1 v3 : 8.3
CPE		cpe:2.3:a:textpattern:textpattern:4.8.7:::::::*
References	~~(MISC) https://www.cornerpirate.com -~~	(MISC) https://www.cornerpirate.com - Not Applicable
References	~~(MISC) https://pentest.co.uk/labs/leveraging-xss-to-get-rce-in-textpattern/ -~~	(MISC) https://pentest.co.uk/labs/leveraging-xss-to-get-rce-in-textpattern/ - Exploit, Third Party Advisory
References	~~(MISC) https://www.pentest.co.uk -~~	(MISC) https://www.pentest.co.uk - Third Party Advisory
First Time		Textpattern Textpattern textpattern

29 Mar 2022, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-03-29 23:15

Updated : 2023-12-10 14:22

NVD link : CVE-2021-44082

Mitre link : CVE-2021-44082

CVE.ORG link : CVE-2021-44082

JSON object : View

Products Affected

textpattern

textpattern

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2021-44082", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.6}]}, "published": "2022-03-29T23:15:07.723", "references": [{"url": "https://pentest.co.uk/labs/leveraging-xss-to-get-rce-in-textpattern/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.cornerpirate.com", "tags": ["Not Applicable"], "source": "cve@mitre.org"}, {"url": "https://www.pentest.co.uk", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload request."}, {"lang": "es", "value": "textpattern versi\u00f3n 4.8.7, es vulnerable a un ataque de tipo Cross Site Scripting (XSS) por medio de /textpattern/index.php,Body. Un atacante remoto y no autenticado puede usar el ataque de tipo XSS para desencadenar una ejecuci\u00f3n de c\u00f3digo remota mediante la carga de un webshell. Para ello, primero deben robar el token de tipo CSRF antes de enviar una petici\u00f3n de carga de archivos"}], "lastModified": "2022-04-06T18:41:09.427", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:textpattern:textpattern:4.8.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C52CC79C-849F-4351-AA0C-A17C345E4674"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}