This host is installed with Textpattern and is prone to cross site scripting vulnerability.

Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Impact Level: Application

Upgrade Textpattern 4.5.7 or later, For updates refer to http://textpattern.com

The flaw exists due to insufficient sanitization of input data passed via URI after '/textpattern/setup/index.php' script.

Textpattern version 4.5.5 and probably prior

Send a crafted request via HTTP GET and check whether it is able to read cookie or not.

• http://packetstormsecurity.com/files/128519/
• http://textpattern.com/weblog/379/textpattern-cms-457-released-ten-years-on
• http://www.securityfocus.com/archive/1/archive/1/533596/100/0/threaded
• http://xforce.iss.net/xforce/xfdb/96802
• https://www.htbridge.com/advisory/HTB23223

---

Updated on 2015-03-25