Afterlogic Aurora v8.3.9-build-a3 - XSS / Session Hijack

by Vince

Disclosure date:  09/12/19

CVE-2019-16238

Afterlogic Aurora v8.3.9-build-a3 and possibly earlier versions are affected by a cross-site scripting vulnerability that can be leveraged for session hijacking. An attacker can exploit the XSS vulnerability, retrieve the session cookie from the administrator login, and take over the administrator account.

Vendor notification date:  9/10/19

Vendor has acknowledged the vulnerability and plans to address this issue in the next build.  

See mitigation information at the bottom of this post.


Sentrifugo 3.2 CSRF

by Vince

Disclosure date:  9/5/19

CVE-2019-16059

Sentrifugo 3.2 and possibly earlier versions are affected by a cross-site request forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.


Exploiting Textpattern

by Vince

"Textpattern is a free and open-source content management system based on PHP and MySQL, originally developed by Dean Allen and now developed by Team Textpattern. While it is often listed among weblogging tools, its aim is to be a general-purpose content management system suitable for deployment in many contexts."

As far as content management systems go, it's fairly simple to install and it's also quite intuitive if you've used any of the other systems out there.  That said, it has a lot of little bugs that make me wonder what could be found if you really did a deep dive.  Everything I found is on the authenticated side but some of it can impact the unauthenticated visitor.
