CVE-2023-53911

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-53911
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53911.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-53911
Published
2025-12-17T23:15:49.497Z
Modified
2026-04-10T05:07:01.523165Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Textpattern CMS 4.8.8 contains a stored cross-site scripting vulnerability in the article excerpt field that allows authenticated users to inject malicious scripts. Attackers can insert JavaScript payloads into the excerpt, which will execute when the article is viewed by other users.

References

Affected packages

Git / github.com/textpattern/textpattern

Affected ranges

Type
GIT
Repo
https://github.com/textpattern/textpattern
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b90acf00e63e2be98f81e1cde58a5bea4b31dee9
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.8.8-NA"
        }
    ]
}

Affected versions

4.*
4.2.0
4.3.0
4.4.0
4.4.1
4.5.0
4.5.1
4.5.2
4.6.0
4.6.0-beta
4.6.0-beta.2
4.6.0-beta.3
4.7.0
4.7.0-beta
4.7.0-beta.2
4.7.0-beta.3
4.7.0-rc.1
4.7.2
4.8.0-beta.2
4.8.1
4.8.2
4.8.3
4.8.4
4.8.5
4.8.6
4.8.7
4.8.8
4.8.8-beta.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53911.json"