CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Textpattern: >> Textpattern >> 4.9.0 Security Vulnerabilities

CVE-2026-32986

Textpattern CMS version 4.9.0 contains a second-order cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting improper sanitization of user-supplied input in Atom feed XML elements. Attackers can embed unescaped payloads in parameters such as category that are reflected into Atom fields like and , which execute as JavaScript when feed readers or CMS aggregators consume the feed and insert content into the DOM using unsafe methods.

CVSS Score

5.1

EPSS Score

0.0

Published

2026-03-20

CVE-2021-28002

A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting the 'Articles' page.

CVSS Score

5.4

EPSS Score

0.002

Published

2021-08-19

Page 1

Vulnerabilities

Vulnerable Software

Textpattern: >> Textpattern >> 4.9.0 Security Vulnerabilities

Products

Pricing

Contact Us