typecho

18 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-46494
all versions
A cross-site scripting (XSS) vulnerability in Typecho v1.2.1 allows attackers to execute arbitrary web scripts or HTML via a craft
5.4 MEDIUM
CVE-2024-57369
all versions
Clickjacking vulnerability in typecho v1.2.1.
6.4 MEDIUM
CVE-2024-35540
<= 1.2.1
A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute arbitrary web scripts or HTML via
9.0 CRITICAL
CVE-2024-35539
all versions
Typecho v1.3.0 was discovered to contain a race condition vulnerability in the post commenting function. This vulnerability allows
6.5 MEDIUM
CVE-2024-35538
all versions
Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses
5.3 MEDIUM
CVE-2023-6615
all versions
A vulnerability, which was classified as problematic, has been found in Typecho 1.2.1. Affected by this issue is some unknown func
3.5 LOW
CVE-2023-6614
all versions
A vulnerability classified as problematic was found in Typecho 1.2.1. Affected by this vulnerability is an unknown functionality o
2.7 LOW
CVE-2023-6613
all versions
A vulnerability classified as problematic has been found in Typecho 1.2.1. Affected is an unknown function of the file /admin/opti
2.4 LOW
CVE-2023-49967
all versions
Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the component /index.php/action/xmlrpc.
7.5 HIGH
CVE-2023-36299
all versions
A File Upload vulnerability in typecho v.1.2.1 allows a remote attacker to execute arbitrary code via the upload and options-gener
8.8 HIGH
CVE-2020-21038
all versions
Open redirect vulnerability in typecho 1.1-17.10.30-release via the referer parameter to Login.php.
6.1 MEDIUM
CVE-2023-30184
<= 1.2.0
A stored cross-site scripting (XSS) vulnerability in Typecho v1.2.0 allows attackers to execute arbitrary web scripts or HTML via
5.4 MEDIUM
CVE-2023-27711
<= 1.2.0
Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via the Comment Man
4.8 MEDIUM
CVE-2023-27131
<= 1.2.0
Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via the Post Editorp
4.8 MEDIUM
CVE-2023-27130
<= 1.2.0
Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via an arbitrarily
4.8 MEDIUM
CVE-2023-24114
< 1.2.0
typecho 1.1/17.10.30 was discovered to contain a remote code execution (RCE) vulnerability via install.php.
9.8 CRITICAL
CVE-2018-18753
all versions
Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF.
9.8 CRITICAL
CVE-2017-16230
<= 1.1
In admin/write-post.php in Typecho through 1.1, one can log in to the background page, write a new article, and add payload in the
5.4 MEDIUM
threatengine.sh