Candidate: CVE-2008-5757
PublicDate: 2008-12-30 19:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5757
Description:
 Cross-site scripting (XSS) vulnerability in textarea/index.php in
 Textpattern (aka Txp CMS) 4.0.6 and earlier allows remote authenticated
 users to inject arbitrary web script or HTML via the Body parameter in an
 article action.  NOTE: some of these details are obtained from third party
 information.
Ubuntu-Description:
Notes:
 sbeattie> despite what the CVE entry says, according to
 sbeattie> http://www.securityfocus.com/archive/1/archive/1/487483/100/200/threaded
 sbeattie> and
 sbeattie> http://textpattern.googlecode.com/svn/releases/4.2.0/source/HISTORY.txt
 sbeattie> this was fixed in 4.0.6
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_textpattern:
upstream_textpattern: needs-triage
dapper_textpattern: DNE
gutsy_textpattern: DNE
hardy_textpattern: ignored (reached end-of-life)
intrepid_textpattern: needed (reached end-of-life)
jaunty_textpattern: ignored (reached end-of-life)
karmic_textpattern: ignored (reached end-of-life)
lucid_textpattern: not-affected (4.0.6-5)
maverick_textpattern: not-affected (4.0.6-5)
natty_textpattern: not-affected (4.0.6-5)
oneiric_textpattern: not-affected (4.0.6-5)
devel_textpattern: not-affected (4.0.6-5)