Multiple cross-site scripting (XSS) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to inject arbitrary web script or HTML via vectors involving templates, a different issue than CVE-2012-1262.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| movabletype | movable_type_open_source | 4.36 |
| movabletype | movable_type_pro | 4.261 |
| movabletype | movable_type_enterprise | 4.261 |
| movabletype | movable_type_advanced | 4.34 |
| movabletype | movable_type_pro | 4.3 |
| movabletype | movable_type_enterprise | 4.34 |
| movabletype | movable_type_pro | 4.0 |
| movabletype | movable_type_advanced | * |
| movabletype | movable_type_pro | 5.11 |
| movabletype | movable_type_open_source | 4.31 |
| movabletype | movable_type_advanced | 5.02 |
| movabletype | movable_type_advanced | 5.1 |
| movabletype | movable_type_enterprise | 4.1 |
| movabletype | movable_type_advanced | 4.35 |
| movabletype | movable_type_open_source | 4.26 |
| movabletype | movable_type_enterprise | 4.01 |
| movabletype | movable_type_open_source | 5.12 |
| movabletype | movable_type_pro | 5.051 |
| movabletype | movable_type_enterprise | 5.12 |
| movabletype | movable_type_open_source | 4.3 |
| movabletype | movable_type_pro | 4.26 |
| movabletype | movable_type_pro | 5.031 |
| movabletype | movable_type_advanced | 5.03 |
| movabletype | movable_type_open_source | 4.35 |
| movabletype | movable_type_open_source | 5.031 |
| movabletype | movable_type_pro | 4.36 |
| movabletype | movable_type_open_source | 5.05 |
| movabletype | movable_type_advanced | 4.01 |
| movabletype | movable_type_advanced | 4.261 |
| movabletype | movable_type_pro | 5.05 |
| movabletype | movable_type_enterprise | 5.051 |
| movabletype | movable_type_advanced | 5.04 |
| movabletype | movable_type_enterprise | 5.02 |
| movabletype | movable_type_advanced | 4.26 |
| movabletype | movable_type_enterprise | 5.031 |
| movabletype | movable_type_advanced | 5.11 |
| movabletype | movable_type_pro | 4.32 |
| movabletype | movable_type_enterprise | 5.04 |
| movabletype | movable_type_pro | 4.33 |
| movabletype | movable_type_open_source | 4.01 |
| movabletype | movable_type_advanced | 4.361 |
| movabletype | movable_type_enterprise | 4.361 |
| movabletype | movable_type_pro | 5.02 |
| movabletype | movable_type_advanced | 4.1 |
| movabletype | movable_type_advanced | 4.3 |
| movabletype | movable_type_enterprise | 5.05 |
| movabletype | movable_type_open_source | 5.1 |
| movabletype | movable_type_enterprise | 4.35 |
| movabletype | movable_type_open_source | 4.0 |
| movabletype | movable_type_open_source | 4.1 |
| movabletype | movable_type_enterprise | 5.1 |
| movabletype | movable_type_open_source | 5.11 |
| movabletype | movable_type_advanced | 4.33 |
| movabletype | movable_type_enterprise | 4.2 |
| movabletype | movable_type_pro | 4.35 |
| movabletype | movable_type_pro | 4.31 |
| movabletype | movable_type_enterprise | 4.26 |
| movabletype | movable_type_enterprise | 4.36 |
| movabletype | movable_type_advanced | 4.23 |
| movabletype | movable_type_advanced | 4.36 |
| movabletype | movable_type_advanced | 5.05 |
| movabletype | movable_type_open_source | 4.33 |
| movabletype | movable_type_enterprise | 4.32 |
| movabletype | movable_type_pro | 4.01 |
| movabletype | movable_type_pro | 4.1 |
| movabletype | movable_type_advanced | 5.031 |
| movabletype | movable_type_enterprise | 4.3 |
| movabletype | movable_type_open_source | 4.34 |
| movabletype | movable_type_enterprise | 4.0 |
| movabletype | movable_type_pro | 5.12 |
| movabletype | movable_type_open_source | * |
| movabletype | movable_type_pro | 5.04 |
| movabletype | movable_type_advanced | 5.051 |
| movabletype | movable_type_advanced | 5.12 |
| movabletype | movable_type_advanced | 4.25 |
| movabletype | movable_type_enterprise | 5.06 |
| movabletype | movable_type_advanced | 4.32 |
| movabletype | movable_type_pro | 4.25 |
| movabletype | movable_type_pro | 5.03 |
| movabletype | movable_type_pro | 4.34 |
| movabletype | movable_type_enterprise | 4.25 |
| movabletype | movable_type_open_source | 4.23 |
| movabletype | movable_type_enterprise | 4.23 |
| movabletype | movable_type_open_source | 4.361 |
| movabletype | movable_type_enterprise | 5.11 |
| movabletype | movable_type_pro | 4.361 |
| movabletype | movable_type_enterprise | 5.03 |
| movabletype | movable_type_open_source | 5.06 |
| movabletype | movable_type_open_source | 4.261 |
| movabletype | movable_type_enterprise | 4.33 |
| movabletype | movable_type_pro | 4.23 |
| movabletype | movable_type_advanced | 4.2 |
| movabletype | movable_type_pro | 4.2 |
| movabletype | movable_type_open_source | 5.03 |
| movabletype | movable_type_advanced | 4.31 |
| movabletype | movable_type_enterprise | * |
| movabletype | movable_type_advanced | 4.0 |
| movabletype | movable_type_advanced | 5.06 |
| movabletype | movable_type_open_source | 4.2 |
| movabletype | movable_type_open_source | 4.32 |
| movabletype | movable_type_open_source | 5.02 |
| movabletype | movable_type_open_source | 5.051 |
| movabletype | movable_type_open_source | 5.04 |
| movabletype | movable_type_pro | * |
| movabletype | movable_type_open_source | 4.25 |
| movabletype | movable_type_pro | 5.06 |
| movabletype | movable_type_enterprise | 4.31 |
| movabletype | movable_type_pro | 5.1 |
The file-management system in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote authenticated users to execute arbitrary commands by leveraging the file-upload feature, related to an "OS Command Injection" issue.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| movabletype | movable_type_open_source | 4.36 |
| movabletype | movable_type_pro | 4.261 |
| movabletype | movable_type_enterprise | 4.261 |
| movabletype | movable_type_advanced | 4.34 |
| movabletype | movable_type_pro | 4.3 |
| movabletype | movable_type_enterprise | 4.34 |
| movabletype | movable_type_pro | 4.0 |
| movabletype | movable_type_advanced | * |
| movabletype | movable_type_pro | 5.11 |
| movabletype | movable_type_open_source | 4.31 |
| movabletype | movable_type_advanced | 5.02 |
| movabletype | movable_type_advanced | 5.1 |
| movabletype | movable_type_enterprise | 4.1 |
| movabletype | movable_type_advanced | 4.35 |
| movabletype | movable_type_open_source | 4.26 |
| movabletype | movable_type_enterprise | 4.01 |
| movabletype | movable_type_open_source | 5.12 |
| movabletype | movable_type_pro | 5.051 |
| movabletype | movable_type_enterprise | 5.12 |
| movabletype | movable_type_open_source | 4.3 |
| movabletype | movable_type_pro | 4.26 |
| movabletype | movable_type_pro | 5.031 |
| movabletype | movable_type_advanced | 5.03 |
| movabletype | movable_type_open_source | 4.35 |
| movabletype | movable_type_open_source | 5.031 |
| movabletype | movable_type_pro | 4.36 |
| movabletype | movable_type_open_source | 5.05 |
| movabletype | movable_type_advanced | 4.01 |
| movabletype | movable_type_advanced | 4.261 |
| movabletype | movable_type_pro | 5.05 |
| movabletype | movable_type_enterprise | 5.051 |
| movabletype | movable_type_advanced | 5.04 |
| movabletype | movable_type_enterprise | 5.02 |
| movabletype | movable_type_advanced | 4.26 |
| movabletype | movable_type_enterprise | 5.031 |
| movabletype | movable_type_advanced | 5.11 |
| movabletype | movable_type_pro | 4.32 |
| movabletype | movable_type_enterprise | 5.04 |
| movabletype | movable_type_pro | 4.33 |
| movabletype | movable_type_open_source | 4.01 |
| movabletype | movable_type_advanced | 4.361 |
| movabletype | movable_type_enterprise | 4.361 |
| movabletype | movable_type_pro | 5.02 |
| movabletype | movable_type_advanced | 4.1 |
| movabletype | movable_type_advanced | 4.3 |
| movabletype | movable_type_enterprise | 5.05 |
| movabletype | movable_type_open_source | 5.1 |
| movabletype | movable_type_enterprise | 4.35 |
| movabletype | movable_type_open_source | 4.0 |
| movabletype | movable_type_open_source | 4.1 |
| movabletype | movable_type_enterprise | 5.1 |
| movabletype | movable_type_open_source | 5.11 |
| movabletype | movable_type_advanced | 4.33 |
| movabletype | movable_type_enterprise | 4.2 |
| movabletype | movable_type_pro | 4.35 |
| movabletype | movable_type_pro | 4.31 |
| movabletype | movable_type_enterprise | 4.26 |
| movabletype | movable_type_enterprise | 4.36 |
| movabletype | movable_type_advanced | 4.23 |
| movabletype | movable_type_advanced | 4.36 |
| movabletype | movable_type_advanced | 5.05 |
| movabletype | movable_type_open_source | 4.33 |
| movabletype | movable_type_enterprise | 4.32 |
| movabletype | movable_type_pro | 4.01 |
| movabletype | movable_type_pro | 4.1 |
| movabletype | movable_type_advanced | 5.031 |
| movabletype | movable_type_enterprise | 4.3 |
| movabletype | movable_type_open_source | 4.34 |
| movabletype | movable_type_enterprise | 4.0 |
| movabletype | movable_type_pro | 5.12 |
| movabletype | movable_type_open_source | * |
| movabletype | movable_type_pro | 5.04 |
| movabletype | movable_type_advanced | 5.051 |
| movabletype | movable_type_advanced | 5.12 |
| movabletype | movable_type_advanced | 4.25 |
| movabletype | movable_type_enterprise | 5.06 |
| movabletype | movable_type_advanced | 4.32 |
| movabletype | movable_type_pro | 4.25 |
| movabletype | movable_type_pro | 5.03 |
| movabletype | movable_type_pro | 4.34 |
| movabletype | movable_type_enterprise | 4.25 |
| movabletype | movable_type_open_source | 4.23 |
| movabletype | movable_type_enterprise | 4.23 |
| movabletype | movable_type_open_source | 4.361 |
| movabletype | movable_type_enterprise | 5.11 |
| movabletype | movable_type_pro | 4.361 |
| movabletype | movable_type_enterprise | 5.03 |
| movabletype | movable_type_open_source | 5.06 |
| movabletype | movable_type_open_source | 4.261 |
| movabletype | movable_type_enterprise | 4.33 |
| movabletype | movable_type_pro | 4.23 |
| movabletype | movable_type_advanced | 4.2 |
| movabletype | movable_type_pro | 4.2 |
| movabletype | movable_type_open_source | 5.03 |
| movabletype | movable_type_advanced | 4.31 |
| movabletype | movable_type_enterprise | * |
| movabletype | movable_type_advanced | 4.0 |
| movabletype | movable_type_advanced | 5.06 |
| movabletype | movable_type_open_source | 4.2 |
| movabletype | movable_type_open_source | 4.32 |
| movabletype | movable_type_open_source | 5.02 |
| movabletype | movable_type_open_source | 5.051 |
| movabletype | movable_type_open_source | 5.04 |
| movabletype | movable_type_pro | * |
| movabletype | movable_type_open_source | 4.25 |
| movabletype | movable_type_pro | 5.06 |
| movabletype | movable_type_enterprise | 4.31 |
| movabletype | movable_type_pro | 5.1 |
Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.cgi in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the dbuser parameter, a different vulnerability than CVE-2012-0318.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| movabletype | movable_type_open_source | 4.36 |
| movabletype | movable_type_pro | 4.261 |
| movabletype | movable_type_enterprise | 4.261 |
| movabletype | movable_type_advanced | 4.34 |
| movabletype | movable_type_pro | 4.3 |
| movabletype | movable_type_enterprise | 4.34 |
| movabletype | movable_type_pro | 4.0 |
| movabletype | movable_type_advanced | * |
| movabletype | movable_type_pro | 5.11 |
| movabletype | movable_type_open_source | 4.31 |
| movabletype | movable_type_advanced | 5.02 |
| movabletype | movable_type_advanced | 5.1 |
| movabletype | movable_type_enterprise | 4.1 |
| movabletype | movable_type_advanced | 4.35 |
| movabletype | movable_type_open_source | 4.26 |
| movabletype | movable_type_enterprise | 4.01 |
| movabletype | movable_type_open_source | 5.12 |
| movabletype | movable_type_pro | 5.051 |
| movabletype | movable_type_enterprise | 5.12 |
| movabletype | movable_type_open_source | 4.3 |
| movabletype | movable_type_pro | 4.26 |
| movabletype | movable_type_pro | 5.031 |
| movabletype | movable_type_advanced | 5.03 |
| movabletype | movable_type_open_source | 4.35 |
| movabletype | movable_type_open_source | 5.031 |
| movabletype | movable_type_pro | 4.36 |
| movabletype | movable_type_open_source | 5.05 |
| movabletype | movable_type_advanced | 4.01 |
| movabletype | movable_type_advanced | 4.261 |
| movabletype | movable_type_pro | 5.05 |
| movabletype | movable_type_enterprise | 5.051 |
| movabletype | movable_type_advanced | 5.04 |
| movabletype | movable_type_enterprise | 5.02 |
| movabletype | movable_type_advanced | 4.26 |
| movabletype | movable_type_enterprise | 5.031 |
| movabletype | movable_type_advanced | 5.11 |
| movabletype | movable_type_pro | 4.32 |
| movabletype | movable_type_enterprise | 5.04 |
| movabletype | movable_type_pro | 4.33 |
| movabletype | movable_type_open_source | 4.01 |
| movabletype | movable_type_advanced | 4.361 |
| movabletype | movable_type_enterprise | 4.361 |
| movabletype | movable_type_pro | 5.02 |
| movabletype | movable_type_advanced | 4.1 |
| movabletype | movable_type_advanced | 4.3 |
| movabletype | movable_type_enterprise | 5.05 |
| movabletype | movable_type_open_source | 5.1 |
| movabletype | movable_type_enterprise | 4.35 |
| movabletype | movable_type_open_source | 4.0 |
| movabletype | movable_type_open_source | 4.1 |
| movabletype | movable_type_enterprise | 5.1 |
| movabletype | movable_type_open_source | 5.11 |
| movabletype | movable_type_advanced | 4.33 |
| movabletype | movable_type_enterprise | 4.2 |
| movabletype | movable_type_pro | 4.35 |
| movabletype | movable_type_pro | 4.31 |
| movabletype | movable_type_enterprise | 4.26 |
| movabletype | movable_type_enterprise | 4.36 |
| movabletype | movable_type_advanced | 4.23 |
| movabletype | movable_type_advanced | 4.36 |
| movabletype | movable_type_advanced | 5.05 |
| movabletype | movable_type_open_source | 4.33 |
| movabletype | movable_type_enterprise | 4.32 |
| movabletype | movable_type_pro | 4.01 |
| movabletype | movable_type_pro | 4.1 |
| movabletype | movable_type_advanced | 5.031 |
| movabletype | movable_type_enterprise | 4.3 |
| movabletype | movable_type_open_source | 4.34 |
| movabletype | movable_type_enterprise | 4.0 |
| movabletype | movable_type_pro | 5.12 |
| movabletype | movable_type_open_source | * |
| movabletype | movable_type_pro | 5.04 |
| movabletype | movable_type_advanced | 5.051 |
| movabletype | movable_type_advanced | 5.12 |
| movabletype | movable_type_advanced | 4.25 |
| movabletype | movable_type_enterprise | 5.06 |
| movabletype | movable_type_advanced | 4.32 |
| movabletype | movable_type_pro | 4.25 |
| movabletype | movable_type_pro | 5.03 |
| movabletype | movable_type_pro | 4.34 |
| movabletype | movable_type_enterprise | 4.25 |
| movabletype | movable_type_open_source | 4.23 |
| movabletype | movable_type_enterprise | 4.23 |
| movabletype | movable_type_open_source | 4.361 |
| movabletype | movable_type_enterprise | 5.11 |
| movabletype | movable_type_pro | 4.361 |
| movabletype | movable_type_enterprise | 5.03 |
| movabletype | movable_type_open_source | 5.06 |
| movabletype | movable_type_open_source | 4.261 |
| movabletype | movable_type_enterprise | 4.33 |
| movabletype | movable_type_pro | 4.23 |
| movabletype | movable_type_advanced | 4.2 |
| movabletype | movable_type_pro | 4.2 |
| movabletype | movable_type_open_source | 5.03 |
| movabletype | movable_type_advanced | 4.31 |
| movabletype | movable_type_enterprise | * |
| movabletype | movable_type_advanced | 4.0 |
| movabletype | movable_type_advanced | 5.06 |
| movabletype | movable_type_open_source | 4.2 |
| movabletype | movable_type_open_source | 4.32 |
| movabletype | movable_type_open_source | 5.02 |
| movabletype | movable_type_open_source | 5.051 |
| movabletype | movable_type_open_source | 5.04 |
| movabletype | movable_type_pro | * |
| movabletype | movable_type_open_source | 4.25 |
| movabletype | movable_type_pro | 5.06 |
| movabletype | movable_type_enterprise | 4.31 |
| movabletype | movable_type_pro | 5.1 |
The default configuration of Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 supports the "mt:Include file=" attribute, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files by leveraging the template-designer role.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| movabletype | movable_type_open_source | 4.36 |
| movabletype | movable_type_pro | 4.261 |
| movabletype | movable_type_enterprise | 4.261 |
| movabletype | movable_type_advanced | 4.34 |
| movabletype | movable_type_pro | 4.3 |
| movabletype | movable_type_enterprise | 4.34 |
| movabletype | movable_type_pro | 4.0 |
| movabletype | movable_type_advanced | * |
| movabletype | movable_type_pro | 5.11 |
| movabletype | movable_type_open_source | 4.31 |
| movabletype | movable_type_advanced | 5.02 |
| movabletype | movable_type_advanced | 5.1 |
| movabletype | movable_type_enterprise | 4.1 |
| movabletype | movable_type_advanced | 4.35 |
| movabletype | movable_type_open_source | 4.26 |
| movabletype | movable_type_enterprise | 4.01 |
| movabletype | movable_type_open_source | 5.12 |
| movabletype | movable_type_pro | 5.051 |
| movabletype | movable_type_enterprise | 5.12 |
| movabletype | movable_type_open_source | 4.3 |
| movabletype | movable_type_pro | 4.26 |
| movabletype | movable_type_pro | 5.031 |
| movabletype | movable_type_advanced | 5.03 |
| movabletype | movable_type_open_source | 4.35 |
| movabletype | movable_type_open_source | 5.031 |
| movabletype | movable_type_pro | 4.36 |
| movabletype | movable_type_open_source | 5.05 |
| movabletype | movable_type_advanced | 4.01 |
| movabletype | movable_type_advanced | 4.261 |
| movabletype | movable_type_pro | 5.05 |
| movabletype | movable_type_enterprise | 5.051 |
| movabletype | movable_type_advanced | 5.04 |
| movabletype | movable_type_enterprise | 5.02 |
| movabletype | movable_type_advanced | 4.26 |
| movabletype | movable_type_enterprise | 5.031 |
| movabletype | movable_type_advanced | 5.11 |
| movabletype | movable_type_pro | 4.32 |
| movabletype | movable_type_enterprise | 5.04 |
| movabletype | movable_type_pro | 4.33 |
| movabletype | movable_type_open_source | 4.01 |
| movabletype | movable_type_advanced | 4.361 |
| movabletype | movable_type_enterprise | 4.361 |
| movabletype | movable_type_pro | 5.02 |
| movabletype | movable_type_advanced | 4.1 |
| movabletype | movable_type_advanced | 4.3 |
| movabletype | movable_type_enterprise | 5.05 |
| movabletype | movable_type_open_source | 5.1 |
| movabletype | movable_type_enterprise | 4.35 |
| movabletype | movable_type_open_source | 4.0 |
| movabletype | movable_type_open_source | 4.1 |
| movabletype | movable_type_enterprise | 5.1 |
| movabletype | movable_type_open_source | 5.11 |
| movabletype | movable_type_advanced | 4.33 |
| movabletype | movable_type_enterprise | 4.2 |
| movabletype | movable_type_pro | 4.35 |
| movabletype | movable_type_pro | 4.31 |
| movabletype | movable_type_enterprise | 4.26 |
| movabletype | movable_type_enterprise | 4.36 |
| movabletype | movable_type_advanced | 4.23 |
| movabletype | movable_type_advanced | 4.36 |
| movabletype | movable_type_advanced | 5.05 |
| movabletype | movable_type_open_source | 4.33 |
| movabletype | movable_type_enterprise | 4.32 |
| movabletype | movable_type_pro | 4.01 |
| movabletype | movable_type_pro | 4.1 |
| movabletype | movable_type_advanced | 5.031 |
| movabletype | movable_type_enterprise | 4.3 |
| movabletype | movable_type_open_source | 4.34 |
| movabletype | movable_type_enterprise | 4.0 |
| movabletype | movable_type_pro | 5.12 |
| movabletype | movable_type_open_source | * |
| movabletype | movable_type_pro | 5.04 |
| movabletype | movable_type_advanced | 5.051 |
| movabletype | movable_type_advanced | 5.12 |
| movabletype | movable_type_advanced | 4.25 |
| movabletype | movable_type_enterprise | 5.06 |
| movabletype | movable_type_advanced | 4.32 |
| movabletype | movable_type_pro | 4.25 |
| movabletype | movable_type_pro | 5.03 |
| movabletype | movable_type_pro | 4.34 |
| movabletype | movable_type_enterprise | 4.25 |
| movabletype | movable_type_open_source | 4.23 |
| movabletype | movable_type_enterprise | 4.23 |
| movabletype | movable_type_open_source | 4.361 |
| movabletype | movable_type_enterprise | 5.11 |
| movabletype | movable_type_pro | 4.361 |
| movabletype | movable_type_enterprise | 5.03 |
| movabletype | movable_type_open_source | 5.06 |
| movabletype | movable_type_open_source | 4.261 |
| movabletype | movable_type_enterprise | 4.33 |
| movabletype | movable_type_pro | 4.23 |
| movabletype | movable_type_advanced | 4.2 |
| movabletype | movable_type_pro | 4.2 |
| movabletype | movable_type_open_source | 5.03 |
| movabletype | movable_type_advanced | 4.31 |
| movabletype | movable_type_enterprise | * |
| movabletype | movable_type_advanced | 4.0 |
| movabletype | movable_type_advanced | 5.06 |
| movabletype | movable_type_open_source | 4.2 |
| movabletype | movable_type_open_source | 4.32 |
| movabletype | movable_type_open_source | 5.02 |
| movabletype | movable_type_open_source | 5.051 |
| movabletype | movable_type_open_source | 5.04 |
| movabletype | movable_type_pro | * |
| movabletype | movable_type_open_source | 4.25 |
| movabletype | movable_type_pro | 5.06 |
| movabletype | movable_type_enterprise | 4.31 |
| movabletype | movable_type_pro | 5.1 |
Cross-site scripting vulnerability in in Role authority setting screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| movabletype | movable_type_premium | * |
| movabletype | movable_type_advanced | * |
| movabletype | movable_type | * |
| movabletype | movable_type_premium_advanced | * |
Cross-site scripting vulnerability in in Asset registration screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| movabletype | movable_type_premium | * |
| movabletype | movable_type_advanced | * |
| movabletype | movable_type | * |
| movabletype | movable_type_premium_advanced | * |
Cross-site scripting vulnerability in in Add asset screen of Contents field of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| movabletype | movable_type_premium | * |
| movabletype | movable_type_advanced | * |
| movabletype | movable_type | * |
| movabletype | movable_type_premium_advanced | * |