← Back

Typemill

typemill

Vendor: Typemill • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2026-24127
1Typemill
1Typemill
Feb 2, 2026
Jan 23, 2026
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2.19.1 and below. The...Show more
Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2.19.1 and below. The `username` value can be echoed back without proper contextual encoding when authentication fails. An attacker can execute script in the login page context. This issue has been fixed in version 2.19.2.Show less
CVE-2022-28053
1Typemill
1Typemill
Jun 17, 2026
Apr 25, 2022
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.