Candidate: CVE-2008-5668
PublicDate: 2008-12-19 01:52:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5668
 http://textpattern.com/weblog/310/textpattern-406-released
Description:
 Multiple cross-site scripting (XSS) vulnerabilities in Textpattern (aka Txp
 CMS) 4.0.5 allow remote attackers to inject arbitrary web script or HTML
 via (1) the PATH_INFO to setup/index.php or (2) the name parameter to
 index.php in the comments preview section.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_textpattern:
upstream_textpattern: released (4.0.6-1)
dapper_textpattern: DNE
gutsy_textpattern: DNE
hardy_textpattern: ignored (reached end-of-life)
intrepid_textpattern: not-affected (4.0.6-2)
jaunty_textpattern: not-affected (4.0.6-3)
karmic_textpattern: not-affected (4.0.6-3)
lucid_textpattern: not-affected (4.0.6-3)
maverick_textpattern: not-affected (4.0.6-3)
natty_textpattern: not-affected (4.0.6-3)
oneiric_textpattern: not-affected (4.0.6-3)
devel_textpattern: not-affected (4.0.6-3)