Typesettercms Typesetter
14 CVEs affecting Typesettercms Typesetter. Latest disclosed: 2026-01-14. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-25523 | High | 8.8 | 2022-03-25 | TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which is exploited via a crafted POST request. |
| CVE-2018-6889 | High | 8.8 | 2018-02-12 | An issue was discovered in Typesetter 5.1. It suffers from a Host header injection vulnerability. Using this attack, a malicious user can poison the web cache… |
| CVE-2018-6888 | High | 8.0 | 2018-02-12 | An issue was discovered in Typesetter 5.1. The User Permissions page (aka Admin/Users) suffers from a critical flaw of Cross-Site Request Forgery: using a forged… |
| CVE-2020-25790 | High | 7.2 | 2020-09-19 | Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the signi… |
| CVE-2020-19511 | Medium | 6.1 | 2021-06-21 | Cross-Site Scripting vulnerability in Typesetter 5.1 via the (1) className and (2) Description fields in index.php/Admin/Classes. |
| CVE-2025-71166 | Medium | 5.4 | 2026-01-14 | Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the administrative interface within the Tools S… |
| CVE-2025-71165 | Medium | 5.4 | 2026-01-14 | Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the administrative interface within the Tools S… |
| CVE-2025-71164 | Medium | 5.4 | 2026-01-14 | Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the Editing component. The images parameter (su… |
| CVE-2018-16639 | Medium | 5.4 | 2019-05-13 | Typesetter 5.1 allows XSS via the index.php/Admin LABEL parameter during new page creation. |
| CVE-2020-35126 | Medium | 4.8 | 2020-12-11 | Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report… |
| CVE-2018-16626 | Medium | 4.8 | 2019-05-13 | index.php/Admin/Classes in Typesetter 5.1 allows XSS via the description of a new class name. |
| CVE-2018-16625 | Medium | 4.8 | 2019-05-13 | index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file with JavaScript in a SCRIPT element. |
| CVE-2018-20837 | Medium | 4.8 | 2019-05-09 | include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu/Ajax?cmd=AddHidden title XSS. |
| CVE-2019-20077 | Medium | 4.3 | 2020-01-05 | The Typesetter CMS 5.1 logout functionality is affected by a CSRF vulnerability. The logout function of the admin panel is not protected by any CSRF tokens. An… |