Vulnerabilities related to sixapart - movable_type
cve-2014-9057
Vulnerability from cvelistv5
Published
2014-12-16 18:00
Modified
2024-08-06 13:33
Severity ?
Summary
SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:33:13.433Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "61227",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61227"
          },
          {
            "name": "DSA-3183",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2015/dsa-3183"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://movabletype.org/news/2014/12/6.0.6.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://movabletype.org/documentation/appendices/release-notes/6.0.6.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-12-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-03-20T13:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "61227",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61227"
        },
        {
          "name": "DSA-3183",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2015/dsa-3183"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://movabletype.org/news/2014/12/6.0.6.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://movabletype.org/documentation/appendices/release-notes/6.0.6.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-9057",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "61227",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61227"
            },
            {
              "name": "DSA-3183",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2015/dsa-3183"
            },
            {
              "name": "https://movabletype.org/news/2014/12/6.0.6.html",
              "refsource": "CONFIRM",
              "url": "https://movabletype.org/news/2014/12/6.0.6.html"
            },
            {
              "name": "https://movabletype.org/documentation/appendices/release-notes/6.0.6.html",
              "refsource": "CONFIRM",
              "url": "https://movabletype.org/documentation/appendices/release-notes/6.0.6.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-9057",
    "datePublished": "2014-12-16T18:00:00",
    "dateReserved": "2014-11-23T00:00:00",
    "dateUpdated": "2024-08-06T13:33:13.433Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-1985
Vulnerability from cvelistv5
Published
2010-05-19 22:00
Modified
2024-09-16 18:54
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in Six Apart Movable Type 5.0 and 5.01 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:17:13.322Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVNDB-2010-000017",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000017.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.movabletype.com/blog/2010/05/movable-type-502.html"
          },
          {
            "name": "ADV-2010-1136",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1136"
          },
          {
            "name": "39741",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39741"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.movabletype.org/documentation/appendices/release-notes/movable-type-502.html"
          },
          {
            "name": "JVN#92854093",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN92854093/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in Six Apart Movable Type 5.0 and 5.01 allow remote attackers to inject arbitrary web script or HTML via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-05-19T22:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "JVNDB-2010-000017",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000017.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.movabletype.com/blog/2010/05/movable-type-502.html"
        },
        {
          "name": "ADV-2010-1136",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1136"
        },
        {
          "name": "39741",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39741"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.movabletype.org/documentation/appendices/release-notes/movable-type-502.html"
        },
        {
          "name": "JVN#92854093",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN92854093/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1985",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in Six Apart Movable Type 5.0 and 5.01 allow remote attackers to inject arbitrary web script or HTML via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVNDB-2010-000017",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000017.html"
            },
            {
              "name": "http://www.movabletype.com/blog/2010/05/movable-type-502.html",
              "refsource": "CONFIRM",
              "url": "http://www.movabletype.com/blog/2010/05/movable-type-502.html"
            },
            {
              "name": "ADV-2010-1136",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1136"
            },
            {
              "name": "39741",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39741"
            },
            {
              "name": "http://www.movabletype.org/documentation/appendices/release-notes/movable-type-502.html",
              "refsource": "CONFIRM",
              "url": "http://www.movabletype.org/documentation/appendices/release-notes/movable-type-502.html"
            },
            {
              "name": "JVN#92854093",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN92854093/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-1985",
    "datePublished": "2010-05-19T22:00:00Z",
    "dateReserved": "2010-05-19T00:00:00Z",
    "dateUpdated": "2024-09-16T18:54:16.335Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-5808
Vulnerability from cvelistv5
Published
2009-01-02 18:00
Modified
2024-08-07 11:04
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Six Apart Movable Type Enterprise (MTE) 1.x before 1.56; Movable Type (MT) 3.x before 3.38; and Movable Type, Movable Type Open Source (MTOS), and Movable Type Enterprise 4.x before 4.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to "application management."
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/47019 (vdb-entry, x_refsource_XF)
http://www.securityfocus.com/bid/32604 (vdb-entry, x_refsource_BID)
http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000067.html (third-party-advisory, x_refsource_JVNDB)
http://secunia.com/advisories/32935 (third-party-advisory, x_refsource_SECUNIA)
http://jvn.jp/en/jp/JVN02216739/index.html (third-party-advisory, x_refsource_JVN)
http://www.movabletype.jp/blog/_movable_type_423.html (x_refsource_CONFIRM)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:04:44.600Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "movable-type-unspecified-xss(47019)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47019"
          },
          {
            "name": "32604",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/32604"
          },
          {
            "name": "JVNDB-2008-000067",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000067.html"
          },
          {
            "name": "32935",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32935"
          },
          {
            "name": "JVN#02216739",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN02216739/index.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.movabletype.jp/blog/_movable_type_423.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Six Apart Movable Type Enterprise (MTE) 1.x before 1.56; Movable Type (MT) 3.x before 3.38; and Movable Type, Movable Type Open Source (MTOS), and Movable Type Enterprise 4.x before 4.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to \"application management.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "movable-type-unspecified-xss(47019)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47019"
        },
        {
          "name": "32604",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/32604"
        },
        {
          "name": "JVNDB-2008-000067",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000067.html"
        },
        {
          "name": "32935",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32935"
        },
        {
          "name": "JVN#02216739",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN02216739/index.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.movabletype.jp/blog/_movable_type_423.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5808",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Six Apart Movable Type Enterprise (MTE) 1.x before 1.56; Movable Type (MT) 3.x before 3.38; and Movable Type, Movable Type Open Source (MTOS), and Movable Type Enterprise 4.x before 4.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to \"application management.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "movable-type-unspecified-xss(47019)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47019"
            },
            {
              "name": "32604",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/32604"
            },
            {
              "name": "JVNDB-2008-000067",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000067.html"
            },
            {
              "name": "32935",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32935"
            },
            {
              "name": "JVN#02216739",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN02216739/index.html"
            },
            {
              "name": "http://www.movabletype.jp/blog/_movable_type_423.html",
              "refsource": "CONFIRM",
              "url": "http://www.movabletype.jp/blog/_movable_type_423.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5808",
    "datePublished": "2009-01-02T18:00:00",
    "dateReserved": "2009-01-02T00:00:00",
    "dateUpdated": "2024-08-07T11:04:44.600Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-0752
Vulnerability from cvelistv5
Published
2009-03-03 00:00
Modified
2024-09-16 23:15
Severity ?
Summary
Unspecified vulnerability in Movable Type Pro and Community Solution 4.x before 4.24 has unknown impact and attack vectors, possibly related to the password recovery mechanism.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:48:51.669Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.movabletype.com/blog/2009/02/movable-type-424-get-updated-with-better-password-recovery.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Movable Type Pro and Community Solution 4.x before 4.24 has unknown impact and attack vectors, possibly related to the password recovery mechanism."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-03-03T00:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.movabletype.com/blog/2009/02/movable-type-424-get-updated-with-better-password-recovery.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0752",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Movable Type Pro and Community Solution 4.x before 4.24 has unknown impact and attack vectors, possibly related to the password recovery mechanism."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.movabletype.com/blog/2009/02/movable-type-424-get-updated-with-better-password-recovery.html",
              "refsource": "CONFIRM",
              "url": "http://www.movabletype.com/blog/2009/02/movable-type-424-get-updated-with-better-password-recovery.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-0752",
    "datePublished": "2009-03-03T00:00:00Z",
    "dateReserved": "2009-03-02T00:00:00Z",
    "dateUpdated": "2024-09-16T23:15:24.134Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-2492
Vulnerability from cvelistv5
Published
2009-07-17 16:00
Modified
2024-08-07 05:52
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480.
References
http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000042.html (third-party-advisory, x_refsource_JVNDB)
http://www.securityfocus.com/bid/35885 (vdb-entry, x_refsource_BID)
http://jvn.jp/en/jp/JVN86472161/index.html (third-party-advisory, x_refsource_JVN)
http://secunia.com/advisories/35534 (third-party-advisory, x_refsource_SECUNIA)
http://www.vupen.com/english/advisories/2009/1668 (vdb-entry, x_refsource_VUPEN)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:52:14.767Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVNDB-2009-000042",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000042.html"
          },
          {
            "name": "35885",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35885"
          },
          {
            "name": "JVN#86472161",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN86472161/index.html"
          },
          {
            "name": "35534",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35534"
          },
          {
            "name": "ADV-2009-1668",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1668"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-06-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-08-07T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "JVNDB-2009-000042",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000042.html"
        },
        {
          "name": "35885",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35885"
        },
        {
          "name": "JVN#86472161",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN86472161/index.html"
        },
        {
          "name": "35534",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35534"
        },
        {
          "name": "ADV-2009-1668",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1668"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2492",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVNDB-2009-000042",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000042.html"
            },
            {
              "name": "35885",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35885"
            },
            {
              "name": "JVN#86472161",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN86472161/index.html"
            },
            {
              "name": "35534",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35534"
            },
            {
              "name": "ADV-2009-1668",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1668"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2492",
    "datePublished": "2009-07-17T16:00:00",
    "dateReserved": "2009-07-17T00:00:00",
    "dateUpdated": "2024-08-07T05:52:14.767Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-0672
Vulnerability from cvelistv5
Published
2018-09-04 13:00
Modified
2024-08-05 03:35
Severity ?
Summary
Cross-site scripting vulnerability in Movable Type versions prior to Ver. 6.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
http://jvn.jp/en/jp/JVN89550319/index.html (third-party-advisory, x_refsource_JVN)
Impacted products
Vendor Product Version
Six Apart, Ltd. Movable Type Version: versions prior to Ver. 6.3.1


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:35:48.727Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#89550319",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN89550319/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Movable Type",
          "vendor": "Six Apart, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "versions prior to Ver. 6.3.1"
            }
          ]
        }
      ],
      "datePublic": "2018-08-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in Movable Type versions prior to Ver. 6.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-04T12:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#89550319",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN89550319/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0672",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Movable Type",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "versions prior to Ver. 6.3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Six Apart, Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in Movable Type versions prior to Ver. 6.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#89550319",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN89550319/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-0672",
    "datePublished": "2018-09-04T13:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-08-05T03:35:48.727Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-5575
Vulnerability from cvelistv5
Published
2020-05-14 01:00
Modified
2024-08-04 08:30
Severity ?
Summary
Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
Impacted products
Vendor Product Version
Six Apart Ltd. Movable Type Version: Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:30:24.605Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN28806943/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-05-14T01:00:21",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN28806943/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2020-5575",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Movable Type",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Six Apart Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://movabletype.org/news/2020/05/mt-730-660-6312-released.html",
              "refsource": "MISC",
              "url": "https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN28806943/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN28806943/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2020-5575",
    "datePublished": "2020-05-14T01:00:21",
    "dateReserved": "2020-01-06T00:00:00",
    "dateUpdated": "2024-08-04T08:30:24.605Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-43660
Vulnerability from cvelistv5
Published
2022-12-07 00:00
Modified
2024-08-03 13:40
Severity ?
Summary
Improper neutralization of Server-Side Includes (SSI) within a web page in Movable Type series allows a remote authenticated attacker with the privilege of 'Manage of Content Types' to execute an arbitrary Perl script and/or an arbitrary OS command. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier.
Impacted products
Vendor Product Version
Six Apart Ltd. Movable Type Version: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:40:06.233Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://movabletype.org/news/2022/11/mt-796-688-released.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN37014768/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper neutralization of Server-Side Includes (SSW) within a web page in Movable Type series allows a remote authenticated attacker with Privilege of \u0027Manage of Content Types\u0027 may execute an arbitrary Perl script and/or an arbitrary OS command. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Neutralization of Server-Side Includes (SSI) Within a Web Page",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-07T00:00:00",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://movabletype.org/news/2022/11/mt-796-688-released.html"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN37014768/index.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2022-43660",
    "datePublished": "2022-12-07T00:00:00",
    "dateReserved": "2022-11-15T00:00:00",
    "dateUpdated": "2024-08-03T13:40:06.233Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-20815
Vulnerability from cvelistv5
Published
2021-08-26 01:20
Modified
2024-08-03 17:53
Severity ?
Summary
Cross-site scripting vulnerability in Edit Boilerplate screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
Impacted products
Vendor Product Version
Six Apart Ltd. Movable Type Version: Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:53:22.622Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in Edit Boilerplate screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-26T01:20:46",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20815",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Movable Type",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Six Apart Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in Edit Boilerplate screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://movabletype.org/news/2021/08/mt-780-681-released.html",
              "refsource": "MISC",
              "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN97545738/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20815",
    "datePublished": "2021-08-26T01:20:46",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:53:22.622Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-45122
Vulnerability from cvelistv5
Published
2022-12-07 00:00
Modified
2024-08-03 14:01
Severity ?
Summary
Cross-site scripting vulnerability in Movable Type (Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier) allows a remote unauthenticated attacker to inject an arbitrary script.
Impacted products
Vendor Product Version
Six Apart Ltd. Movable Type Version: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:01:31.541Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://movabletype.org/news/2022/11/mt-796-688-released.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN37014768/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in Movable Type Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier allows a remote unauthenticated attacker to inject an arbitrary script."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-07T00:00:00",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://movabletype.org/news/2022/11/mt-796-688-released.html"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN37014768/index.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2022-45122",
    "datePublished": "2022-12-07T00:00:00",
    "dateReserved": "2022-11-15T00:00:00",
    "dateUpdated": "2024-08-03T14:01:31.541Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-20809
Vulnerability from cvelistv5
Published
2021-08-26 01:20
Modified
2024-08-03 17:53
Severity ?
Summary
Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
Impacted products
Vendor Product Version
Six Apart Ltd. Movable Type Version: Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:53:22.889Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-26T01:20:35",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20809",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Movable Type",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Six Apart Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://movabletype.org/news/2021/08/mt-780-681-released.html",
              "refsource": "MISC",
              "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN97545738/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20809",
    "datePublished": "2021-08-26T01:20:35",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:53:22.889Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-6025
Vulnerability from cvelistv5
Published
2019-12-26 15:16
Modified
2024-08-04 20:16
Severity ?
Summary
Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.
Impacted products
Vendor Product Version
Six Apart Ltd Movable Type series Version: Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium)


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:16:23.131Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN65280626/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Movable Type series",
          "vendor": "Six Apart Ltd",
          "versions": [
            {
              "status": "affected",
              "version": "Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Open Redirect",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-26T15:16:50",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://jvn.jp/en/jp/JVN65280626/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2019-6025",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Movable Type series",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Six Apart Ltd"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Open Redirect"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html",
              "refsource": "MISC",
              "url": "https://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html"
            },
            {
              "name": "http://jvn.jp/en/jp/JVN65280626/index.html",
              "refsource": "MISC",
              "url": "http://jvn.jp/en/jp/JVN65280626/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2019-6025",
    "datePublished": "2019-12-26T15:16:50",
    "dateReserved": "2019-01-10T00:00:00",
    "dateUpdated": "2024-08-04T20:16:23.131Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-0209
Vulnerability from cvelistv5
Published
2013-01-23 01:00
Modified
2024-09-16 23:35
Severity ?
Summary
lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:18:09.498Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.sec-1.com/blog/?p=402"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.movabletype.org/2013/01/movable_type_438_patch.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.sec-1.com/blog/wp-content/uploads/2013/01/movabletype_upgrade_exec.rb_.txt"
          },
          {
            "name": "[oss-security] 20130121 Re: CVE request for Movable Type",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2013/01/22/3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-01-23T01:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.sec-1.com/blog/?p=402"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.movabletype.org/2013/01/movable_type_438_patch.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.sec-1.com/blog/wp-content/uploads/2013/01/movabletype_upgrade_exec.rb_.txt"
        },
        {
          "name": "[oss-security] 20130121 Re: CVE request for Movable Type",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2013/01/22/3"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-0209",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.sec-1.com/blog/?p=402",
              "refsource": "MISC",
              "url": "http://www.sec-1.com/blog/?p=402"
            },
            {
              "name": "http://www.movabletype.org/2013/01/movable_type_438_patch.html",
              "refsource": "CONFIRM",
              "url": "http://www.movabletype.org/2013/01/movable_type_438_patch.html"
            },
            {
              "name": "http://www.sec-1.com/blog/wp-content/uploads/2013/01/movabletype_upgrade_exec.rb_.txt",
              "refsource": "MISC",
              "url": "http://www.sec-1.com/blog/wp-content/uploads/2013/01/movabletype_upgrade_exec.rb_.txt"
            },
            {
              "name": "[oss-security] 20130121 Re: CVE request for Movable Type",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2013/01/22/3"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-0209",
    "datePublished": "2013-01-23T01:00:00Z",
    "dateReserved": "2012-12-06T00:00:00Z",
    "dateUpdated": "2024-09-16T23:35:35.688Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-45113
Vulnerability from cvelistv5
Published
2022-12-07 00:00
Modified
2024-08-03 14:01
Severity ?
Summary
Improper validation of syntactic correctness of input vulnerability exists in Movable Type series. Having a user access a specially crafted URL may allow a remote unauthenticated attacker to set a specially crafted URL to the Reset Password page and conduct a phishing attack. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier.
Impacted products
Vendor Product Version
Six Apart Ltd. Movable Type Version: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:01:31.530Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://movabletype.org/news/2022/11/mt-796-688-released.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN37014768/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper validation of syntactic correctness of input vulnerability exist in Movable Type series. Having a user to access a specially crafted URL may allow a remote unauthenticated attacker to set a specially crafted URL to the Reset Password page and conduct a phishing attack. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Validation of Syntactic Correctness of Input",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-07T00:00:00",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://movabletype.org/news/2022/11/mt-796-688-released.html"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN37014768/index.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2022-45113",
    "datePublished": "2022-12-07T00:00:00",
    "dateReserved": "2022-11-15T00:00:00",
    "dateUpdated": "2024-08-03T14:01:31.530Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-1592
Vulnerability from cvelistv5
Published
2015-02-19 15:00
Modified
2024-08-06 04:47
Severity ?
Summary
Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:47:17.157Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3183",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2015/dsa-3183"
          },
          {
            "name": "1031777",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031777"
          },
          {
            "name": "[oss-security] 20150212 CVE request: MovableType before 5.2.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/02/12/2"
          },
          {
            "name": "movable-type-cve20151592-file-include(100912)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100912"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://movabletype.org/news/2015/02/movable_type_607_and_5212_released_to_close_security_vulnera.html"
          },
          {
            "name": "72606",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/72606"
          },
          {
            "name": "[oss-security] 20150212 Re: CVE request: MovableType before 5.2.12 - Movable Type",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/02/12/17"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-02-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-3183",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2015/dsa-3183"
        },
        {
          "name": "1031777",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031777"
        },
        {
          "name": "[oss-security] 20150212 CVE request: MovableType before 5.2.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/02/12/2"
        },
        {
          "name": "movable-type-cve20151592-file-include(100912)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100912"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://movabletype.org/news/2015/02/movable_type_607_and_5212_released_to_close_security_vulnera.html"
        },
        {
          "name": "72606",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/72606"
        },
        {
          "name": "[oss-security] 20150212 Re: CVE request: MovableType before 5.2.12 - Movable Type",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/02/12/17"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-1592",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-3183",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2015/dsa-3183"
            },
            {
              "name": "1031777",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031777"
            },
            {
              "name": "[oss-security] 20150212 CVE request: MovableType before 5.2.12",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/02/12/2"
            },
            {
              "name": "movable-type-cve20151592-file-include(100912)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100912"
            },
            {
              "name": "https://movabletype.org/news/2015/02/movable_type_607_and_5212_released_to_close_security_vulnera.html",
              "refsource": "CONFIRM",
              "url": "https://movabletype.org/news/2015/02/movable_type_607_and_5212_released_to_close_security_vulnera.html"
            },
            {
              "name": "72606",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/72606"
            },
            {
              "name": "[oss-security] 20150212 Re: CVE request: MovableType before 5.2.12 - Movable Type",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/02/12/17"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-1592",
    "datePublished": "2015-02-19T15:00:00",
    "dateReserved": "2015-02-12T00:00:00",
    "dateUpdated": "2024-08-06T04:47:17.157Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-20811
Vulnerability from cvelistv5
Published
2021-08-26 01:20
Modified
2024-08-03 17:53
Severity ?
Summary
Cross-site scripting vulnerability in List of Assets screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
Impacted products
Vendor Product Version
Six Apart Ltd. Movable Type Version: Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:53:22.560Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in List of Assets screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-26T01:20:39",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20811",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Movable Type",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Six Apart Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in List of Assets screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://movabletype.org/news/2021/08/mt-780-681-released.html",
              "refsource": "MISC",
              "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN97545738/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20811",
    "datePublished": "2021-08-26T01:20:39",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:53:22.560Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-20808
Vulnerability from cvelistv5
Published
2021-08-26 01:20
Modified
2024-08-03 17:53
Severity ?
Summary
Cross-site scripting vulnerability in Search screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
Impacted products
Vendor Product Version
Six Apart Ltd. Movable Type Version: Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:53:23.060Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in Search screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-26T01:20:32",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20808",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Movable Type",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Six Apart Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in Search screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://movabletype.org/news/2021/08/mt-780-681-released.html",
              "refsource": "MISC",
              "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN97545738/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20808",
    "datePublished": "2021-08-26T01:20:32",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:53:23.060Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-20810
Vulnerability from cvelistv5
Published
2021-08-26 01:20
Modified
2024-08-03 17:53
Severity ?
Summary
Cross-site scripting vulnerability in Website Management screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
Impacted products
Vendor Product Version
Six Apart Ltd. Movable Type Version: Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:53:22.466Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in Website Management screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-26T01:20:37",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20810",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Movable Type",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Six Apart Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in Website Management screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://movabletype.org/news/2021/08/mt-780-681-released.html",
              "refsource": "MISC",
              "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN97545738/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20810",
    "datePublished": "2021-08-26T01:20:38",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:53:22.466Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-0317
Vulnerability from cvelistv5
Published
2012-03-03 02:00
Modified
2024-08-06 18:23
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to hijack the authentication of arbitrary users for requests that modify data via the (1) commenting feature or (2) community script.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:23:30.608Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html"
          },
          {
            "name": "52138",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52138"
          },
          {
            "name": "DSA-2423",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2423"
          },
          {
            "name": "JVNDB-2012-000015",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000015"
          },
          {
            "name": "1026738",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026738"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.movabletype.org/documentation/appendices/release-notes/513.html"
          },
          {
            "name": "JVN#70683217",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN70683217/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-02-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to hijack the authentication of arbitrary users for requests that modify data via the (1) commenting feature or (2) community script."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-17T19:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html"
        },
        {
          "name": "52138",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52138"
        },
        {
          "name": "DSA-2423",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2423"
        },
        {
          "name": "JVNDB-2012-000015",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000015"
        },
        {
          "name": "1026738",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026738"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.movabletype.org/documentation/appendices/release-notes/513.html"
        },
        {
          "name": "JVN#70683217",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN70683217/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2012-0317",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to hijack the authentication of arbitrary users for requests that modify data via the (1) commenting feature or (2) community script."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html",
              "refsource": "CONFIRM",
              "url": "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html"
            },
            {
              "name": "52138",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/52138"
            },
            {
              "name": "DSA-2423",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2423"
            },
            {
              "name": "JVNDB-2012-000015",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000015"
            },
            {
              "name": "1026738",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026738"
            },
            {
              "name": "http://www.movabletype.org/documentation/appendices/release-notes/513.html",
              "refsource": "CONFIRM",
              "url": "http://www.movabletype.org/documentation/appendices/release-notes/513.html"
            },
            {
              "name": "JVN#70683217",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN70683217/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2012-0317",
    "datePublished": "2012-03-03T02:00:00",
    "dateReserved": "2012-01-04T00:00:00",
    "dateUpdated": "2024-08-06T18:23:30.608Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-5576
Vulnerability from cvelistv5
Published
2020-05-14 01:00
Modified
2024-08-04 08:30
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Impacted products
Vendor Product Version
Six Apart Ltd. Movable Type Version: Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:30:24.817Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN28806943/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to hijack the authentication of administrators via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site request forgery",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-05-14T01:00:21",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN28806943/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2020-5576",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Movable Type",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Six Apart Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to hijack the authentication of administrators via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://movabletype.org/news/2020/05/mt-730-660-6312-released.html",
              "refsource": "MISC",
              "url": "https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN28806943/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN28806943/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2020-5576",
    "datePublished": "2020-05-14T01:00:22",
    "dateReserved": "2020-01-06T00:00:00",
    "dateUpdated": "2024-08-04T08:30:24.817Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-20813
Vulnerability from cvelistv5
Published
2021-08-26 01:20
Modified
2024-08-03 17:53
Severity ?
Summary
Cross-site scripting vulnerability in Edit screen of Content Data of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series) and Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series)) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
Impacted products
Vendor Product Version
Six Apart Ltd. Movable Type Version: Movable Type 7 r.4903 and earlier (Movable Type 7 Series) and Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series)


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:53:22.533Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Movable Type 7 r.4903 and earlier (Movable Type 7 Series) and Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in Edit screen of Content Data of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series) and Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series)) allows remote attackers to inject arbitrary script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-26T01:20:42",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20813",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Movable Type",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Movable Type 7 r.4903 and earlier (Movable Type 7 Series) and Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Six Apart Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in Edit screen of Content Data of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series) and Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series)) allows remote attackers to inject arbitrary script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://movabletype.org/news/2021/08/mt-780-681-released.html",
              "refsource": "MISC",
              "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN97545738/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20813",
    "datePublished": "2021-08-26T01:20:42",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:53:22.533Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-2481
Vulnerability from cvelistv5
Published
2009-07-16 16:00
Modified
2024-08-07 05:52
Severity ?
Summary
mt-wizard.cgi in Six Apart Movable Type before 4.261, when global templates are not initialized, allows remote attackers to bypass access restrictions and (1) send e-mail to arbitrary addresses or (2) obtain sensitive information via unspecified vectors.
References
http://jvn.jp/en/jp/JVN08369659/index.html (third-party-advisory, x_refsource_JVN)
http://secunia.com/advisories/35534 (third-party-advisory, x_refsource_SECUNIA)
http://www.vupen.com/english/advisories/2009/1668 (vdb-entry, x_refsource_VUPEN)
http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000043.html (third-party-advisory, x_refsource_JVNDB)
http://www.securityfocus.com/bid/35471 (vdb-entry, x_refsource_BID)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51330 (vdb-entry, x_refsource_XF)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:52:14.744Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#08369659",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN08369659/index.html"
          },
          {
            "name": "35534",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35534"
          },
          {
            "name": "ADV-2009-1668",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1668"
          },
          {
            "name": "JVNDB-2009-000043",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000043.html"
          },
          {
            "name": "35471",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35471"
          },
          {
            "name": "movabletype-mtwizard-security-bypass(51330)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51330"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-06-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "mt-wizard.cgi in Six Apart Movable Type before 4.261, when global templates are not initialized, allows remote attackers to bypass access restrictions and (1) send e-mail to arbitrary addresses or (2) obtain sensitive information via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "JVN#08369659",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN08369659/index.html"
        },
        {
          "name": "35534",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35534"
        },
        {
          "name": "ADV-2009-1668",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1668"
        },
        {
          "name": "JVNDB-2009-000043",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000043.html"
        },
        {
          "name": "35471",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35471"
        },
        {
          "name": "movabletype-mtwizard-security-bypass(51330)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51330"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2481",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "mt-wizard.cgi in Six Apart Movable Type before 4.261, when global templates are not initialized, allows remote attackers to bypass access restrictions and (1) send e-mail to arbitrary addresses or (2) obtain sensitive information via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#08369659",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN08369659/index.html"
            },
            {
              "name": "35534",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35534"
            },
            {
              "name": "ADV-2009-1668",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1668"
            },
            {
              "name": "JVNDB-2009-000043",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000043.html"
            },
            {
              "name": "35471",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35471"
            },
            {
              "name": "movabletype-mtwizard-security-bypass(51330)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51330"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2481",
    "datePublished": "2009-07-16T16:00:00",
    "dateReserved": "2009-07-16T00:00:00",
    "dateUpdated": "2024-08-07T05:52:14.744Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-1503
Vulnerability from cvelistv5
Published
2014-08-29 14:00
Modified
2024-08-06 19:01
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:01:02.557Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "22151",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/22151"
          },
          {
            "name": "86729",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/show/osvdb/86729"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.cloudscan.me/2012/10/cve-2012-1503-movable-type-pro-513en.html"
          },
          {
            "name": "56160",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/56160"
          },
          {
            "name": "movabletype-mt513en-xss(79521)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79521"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.org/files/117564/Movable-Type-Pro-5.13en-Cross-Site-Scripting.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "22151",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/22151"
        },
        {
          "name": "86729",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/show/osvdb/86729"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.cloudscan.me/2012/10/cve-2012-1503-movable-type-pro-513en.html"
        },
        {
          "name": "56160",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/56160"
        },
        {
          "name": "movabletype-mt513en-xss(79521)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79521"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.org/files/117564/Movable-Type-Pro-5.13en-Cross-Site-Scripting.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-1503",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "22151",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/22151"
            },
            {
              "name": "86729",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/show/osvdb/86729"
            },
            {
              "name": "http://www.cloudscan.me/2012/10/cve-2012-1503-movable-type-pro-513en.html",
              "refsource": "MISC",
              "url": "http://www.cloudscan.me/2012/10/cve-2012-1503-movable-type-pro-513en.html"
            },
            {
              "name": "56160",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/56160"
            },
            {
              "name": "movabletype-mt513en-xss(79521)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79521"
            },
            {
              "name": "http://packetstormsecurity.org/files/117564/Movable-Type-Pro-5.13en-Cross-Site-Scripting.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.org/files/117564/Movable-Type-Pro-5.13en-Cross-Site-Scripting.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-1503",
    "datePublished": "2014-08-29T14:00:00",
    "dateReserved": "2012-03-07T00:00:00",
    "dateUpdated": "2024-08-06T19:01:02.557Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-20814
Vulnerability from cvelistv5
Published
2021-08-26 01:20
Modified
2024-08-03 17:53
Severity ?
Summary
Cross-site scripting vulnerability in Setting screen of ContentType Information Widget Plugin of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), and Movable Type Premium 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
Impacted products
Vendor Product Version
Six Apart Ltd. Movable Type Version: Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), and Movable Type Premium 1.44 and earlier


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:53:22.733Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), and Movable Type Premium 1.44 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in Setting screen of ContentType Information Widget Plugin of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), and Movable Type Premium 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-26T01:20:44",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20814",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Movable Type",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), and Movable Type Premium 1.44 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Six Apart Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in Setting screen of ContentType Information Widget Plugin of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), and Movable Type Premium 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://movabletype.org/news/2021/08/mt-780-681-released.html",
              "refsource": "MISC",
              "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN97545738/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20814",
    "datePublished": "2021-08-26T01:20:44",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:53:22.733Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-5577
Vulnerability from cvelistv5
Published
2020-05-14 01:00
Modified
2024-08-04 08:30
Severity ?
Summary
Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allow remote authenticated attackers to upload arbitrary files and execute a php script via unspecified vectors.
Impacted products
Vendor Product Version
Six Apart Ltd. Movable Type Version: Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:30:24.546Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN28806943/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allow remote authenticated attackers to upload arbitrary files and execute a php script via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-05-14T01:00:22",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN28806943/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2020-5577",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Movable Type",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Six Apart Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allow remote authenticated attackers to upload arbitrary files and execute a php script via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Unrestricted Upload of File with Dangerous Type"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://movabletype.org/news/2020/05/mt-730-660-6312-released.html",
              "refsource": "MISC",
              "url": "https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN28806943/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN28806943/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2020-5577",
    "datePublished": "2020-05-14T01:00:22",
    "dateReserved": "2020-01-06T00:00:00",
    "dateUpdated": "2024-08-04T08:30:24.546Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-5084
Vulnerability from cvelistv5
Published
2012-04-02 18:00
Modified
2024-08-07 00:23
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Impacted products
Vendor Product Version
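n/a n/a Version: n/a (the record's structured "affected" field is unpopulated; the affected versions are stated only in the Summary: 4.x before 4.36 and 5.x before 5.05)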


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:23:40.109Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-2423",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2423"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.movabletype.org/2011/05/movable_type_51_and_505_436_security_update.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-17T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-2423",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2423"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.movabletype.org/2011/05/movable_type_51_and_505_436_security_update.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-5084",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-2423",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2423"
            },
            {
              "name": "http://www.movabletype.org/2011/05/movable_type_51_and_505_436_security_update.html",
              "refsource": "CONFIRM",
              "url": "http://www.movabletype.org/2011/05/movable_type_51_and_505_436_security_update.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-5084",
    "datePublished": "2012-04-02T18:00:00",
    "dateReserved": "2012-04-02T00:00:00",
    "dateUpdated": "2024-08-07T00:23:40.109Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-20812
Vulnerability from cvelistv5
Published
2021-08-26 01:20
Modified
2024-08-03 17:53
Severity ?
Summary
Cross-site scripting vulnerability in Setting screen of Server Sync of Movable Type (Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series) and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
Impacted products
Vendor Product Version
Six Apart Ltd. Movable Type Version: Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series) and Movable Type Premium Advanced 1.44 and earlier


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:53:22.692Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series) and Movable Type Premium Advanced 1.44 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in Setting screen of Server Sync of Movable Type (Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series) and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-26T01:20:41",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20812",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Movable Type",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series) and Movable Type Premium Advanced 1.44 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Six Apart Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in Setting screen of Server Sync of Movable Type (Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series) and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://movabletype.org/news/2021/08/mt-780-681-released.html",
              "refsource": "MISC",
              "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN97545738/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20812",
    "datePublished": "2021-08-26T01:20:41",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:53:22.692Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-2184
Vulnerability from cvelistv5
Published
2015-03-27 14:00
Modified
2024-08-06 15:27
Severity ?
Summary
Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter.
Impacted products
Vendor Product Version
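n/a n/a Version: n/a (the record's structured "affected" field is unpopulated; the affected versions are stated only in the Summary: Movable Type before 5.2.6)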


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:27:41.094Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20130614 Re: CVE request: MovableType before 5.2.6",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2013/q2/568"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://movabletype.org/documentation/appendices/release-notes/movable-type-526-release-notes.html"
          },
          {
            "name": "[oss-security] 20130613 CVE request: MovableType before 5.2.6",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2013/q2/560"
          },
          {
            "name": "DSA-3183",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3183"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-06-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-03-27T11:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20130614 Re: CVE request: MovableType before 5.2.6",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2013/q2/568"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://movabletype.org/documentation/appendices/release-notes/movable-type-526-release-notes.html"
        },
        {
          "name": "[oss-security] 20130613 CVE request: MovableType before 5.2.6",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2013/q2/560"
        },
        {
          "name": "DSA-3183",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3183"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-2184",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20130614 Re: CVE request: MovableType before 5.2.6",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2013/q2/568"
            },
            {
              "name": "https://movabletype.org/documentation/appendices/release-notes/movable-type-526-release-notes.html",
              "refsource": "MISC",
              "url": "https://movabletype.org/documentation/appendices/release-notes/movable-type-526-release-notes.html"
            },
            {
              "name": "[oss-security] 20130613 CVE request: MovableType before 5.2.6",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2013/q2/560"
            },
            {
              "name": "DSA-3183",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3183"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-2184",
    "datePublished": "2015-03-27T14:00:00",
    "dateReserved": "2013-02-19T00:00:00",
    "dateUpdated": "2024-08-06T15:27:41.094Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-5574
Vulnerability from cvelistv5
Published
2020-05-14 01:00
Modified
2024-08-04 08:30
Severity ?
Summary
HTML attribute value injection vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary HTML attribute value via unspecified vectors.
Impacted products
Vendor Product Version
Six Apart Ltd. Movable Type Version: Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:30:24.552Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN28806943/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "HTML attribute value injection vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary HTML attribute value via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-05-14T01:00:21",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN28806943/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2020-5574",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Movable Type",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Six Apart Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HTML attribute value injection vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary HTML attribute value via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://movabletype.org/news/2020/05/mt-730-660-6312-released.html",
              "refsource": "MISC",
              "url": "https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN28806943/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN28806943/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2020-5574",
    "datePublished": "2020-05-14T01:00:21",
    "dateReserved": "2020-01-06T00:00:00",
    "dateUpdated": "2024-08-04T08:30:24.552Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-5846
Vulnerability from cvelistv5
Published
2009-01-05 20:00
Modified
2024-08-07 11:04
Severity ?
Summary
Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for posts to bypass intended access restrictions and publish posts via a "system-wide entry listing screen."
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:04:44.790Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.movabletype.org/mt_423_change_log.html"
          },
          {
            "name": "33133",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/33133"
          },
          {
            "name": "mt-entrylistingscreen-security-bypass(47759)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47759"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for posts to bypass intended access restrictions and publish posts via a \"system-wide entry listing screen.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.movabletype.org/mt_423_change_log.html"
        },
        {
          "name": "33133",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/33133"
        },
        {
          "name": "mt-entrylistingscreen-security-bypass(47759)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47759"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5846",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for posts to bypass intended access restrictions and publish posts via a \"system-wide entry listing screen.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.movabletype.org/mt_423_change_log.html",
              "refsource": "CONFIRM",
              "url": "http://www.movabletype.org/mt_423_change_log.html"
            },
            {
              "name": "33133",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/33133"
            },
            {
              "name": "mt-entrylistingscreen-security-bypass(47759)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47759"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5846",
    "datePublished": "2009-01-05T20:00:00",
    "dateReserved": "2009-01-05T00:00:00",
    "dateUpdated": "2024-08-07T11:04:44.790Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-6751
Vulnerability from cvelistv5
Published
2012-01-04 19:00
Modified
2024-08-07 16:18
Severity: not provided (no CVSS metrics in the record below)
Summary
Cross-site scripting (XSS) vulnerability in the MailForm plugin before 1.20 for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:18:20.595Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#60887968",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN60887968/index.html"
          },
          {
            "name": "movabletype-mailform-xss(72344)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72344"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.h-fj.com/blog/archives/2007/01/23-111038.php"
          },
          {
            "name": "JVNDB-2011-000108",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000108.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-01-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the MailForm plugin before 1.20 for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "JVN#60887968",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN60887968/index.html"
        },
        {
          "name": "movabletype-mailform-xss(72344)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72344"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.h-fj.com/blog/archives/2007/01/23-111038.php"
        },
        {
          "name": "JVNDB-2011-000108",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000108.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6751",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the MailForm plugin before 1.20 for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#60887968",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN60887968/index.html"
            },
            {
              "name": "movabletype-mailform-xss(72344)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72344"
            },
            {
              "name": "http://www.h-fj.com/blog/archives/2007/01/23-111038.php",
              "refsource": "CONFIRM",
              "url": "http://www.h-fj.com/blog/archives/2007/01/23-111038.php"
            },
            {
              "name": "JVNDB-2011-000108",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000108.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6751",
    "datePublished": "2012-01-04T19:00:00",
    "dateReserved": "2012-01-04T00:00:00",
    "dateUpdated": "2024-08-07T16:18:20.595Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-38078
Vulnerability from cvelistv5
Published
2022-08-24 08:40
Modified
2024-08-03 10:45
Severity: not provided (no CVSS metrics in the record below)
Summary
Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products and versions are as follows: Movable Type 7 r.5202 and earlier, Movable Type Advanced 7 r.5202 and earlier, Movable Type 6.8.6 and earlier, Movable Type Advanced 6.8.6 and earlier, Movable Type Premium 1.52 and earlier, and Movable Type Premium Advanced 1.52 and earlier. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability.
Impacted products
Vendor Product Version
Six Apart Ltd. Movable Type XMLRPC API Version: Movable Type 7 r.5202 and earlier, Movable Type Advanced 7 r.5202 and earlier, Movable Type 6.8.6 and earlier, Movable Type Advanced 6.8.6 and earlier, Movable Type Premium 1.52 and earlier, and Movable Type Premium Advanced 1.52 and earlier


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:45:52.350Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://movabletype.org/news/2022/08/mt-795-687-released.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN57728859/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Movable Type XMLRPC API",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Movable Type 7 r.5202 and earlier, Movable Type Advanced 7 r.5202 and earlier, Movable Type 6.8.6 and earlier, Movable Type Advanced 6.8.6 and earlier, Movable Type Premium 1.52 and earlier, and Movable Type Premium Advanced 1.52 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products and versions are as follows: Movable Type 7 r.5202 and earlier, Movable Type Advanced 7 r.5202 and earlier, Movable Type 6.8.6 and earlier, Movable Type Advanced 6.8.6 and earlier, Movable Type Premium 1.52 and earlier, and Movable Type Premium Advanced 1.52 and earlier. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Command Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-24T08:40:42",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://movabletype.org/news/2022/08/mt-795-687-released.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN57728859/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2022-38078",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Movable Type XMLRPC API",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Movable Type 7 r.5202 and earlier, Movable Type Advanced 7 r.5202 and earlier, Movable Type 6.8.6 and earlier, Movable Type Advanced 6.8.6 and earlier, Movable Type Premium 1.52 and earlier, and Movable Type Premium Advanced 1.52 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Six Apart Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products and versions are as follows: Movable Type 7 r.5202 and earlier, Movable Type Advanced 7 r.5202 and earlier, Movable Type 6.8.6 and earlier, Movable Type Advanced 6.8.6 and earlier, Movable Type Premium 1.52 and earlier, and Movable Type Premium Advanced 1.52 and earlier. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Command Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://movabletype.org/news/2022/08/mt-795-687-released.html",
              "refsource": "MISC",
              "url": "https://movabletype.org/news/2022/08/mt-795-687-released.html"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN57728859/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN57728859/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2022-38078",
    "datePublished": "2022-08-24T08:40:42",
    "dateReserved": "2022-08-22T00:00:00",
    "dateUpdated": "2024-08-03T10:45:52.350Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-20837
Vulnerability from cvelistv5
Published
2021-10-26 05:15
Modified
2024-08-03 17:53
Severity: not provided (no CVSS metrics in the record below)
Summary
Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8.2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability.
Impacted products
Vendor Product Version
Six Apart Ltd. Movable Type Version: Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8.2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:53:22.821Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://movabletype.org/news/2021/10/mt-782-683-released.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN41119755/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/164705/Movable-Type-7-r.5002-XMLRPC-API-Remote-Command-Injection.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/164818/Movable-Type-7-r.5002-XMLRPC-API-Remote-Command-Injection.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8.2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8.2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "OS Command Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-09T19:06:17",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://movabletype.org/news/2021/10/mt-782-683-released.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN41119755/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/164705/Movable-Type-7-r.5002-XMLRPC-API-Remote-Command-Injection.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/164818/Movable-Type-7-r.5002-XMLRPC-API-Remote-Command-Injection.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20837",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Movable Type",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8.2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Six Apart Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8.2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "OS Command Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://movabletype.org/news/2021/10/mt-782-683-released.html",
              "refsource": "MISC",
              "url": "https://movabletype.org/news/2021/10/mt-782-683-released.html"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN41119755/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN41119755/index.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/164705/Movable-Type-7-r.5002-XMLRPC-API-Remote-Command-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/164705/Movable-Type-7-r.5002-XMLRPC-API-Remote-Command-Injection.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/164818/Movable-Type-7-r.5002-XMLRPC-API-Remote-Command-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/164818/Movable-Type-7-r.5002-XMLRPC-API-Remote-Command-Injection.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20837",
    "datePublished": "2021-10-26T05:15:12",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:53:22.821Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-5669
Vulnerability from cvelistv5
Published
2021-10-26 10:10
Modified
2024-08-04 08:39
Severity: not provided (no CVSS metrics in the record below)
Summary
Cross-site scripting vulnerability in Movable Type Movable Type Premium 1.37 and earlier and Movable Type Premium Advanced 1.37 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
Impacted products
Vendor Product Version
Six Apart Ltd. Movable Type Version: Movable Type Premium 1.37 and earlier and Movable Type Premium Advanced 1.37 and earlier


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:39:25.679Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.sixapart.jp/movabletype/news/2020/11/18-1101.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN94245475/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Movable Type Premium 1.37 and earlier and Movable Type Premium Advanced 1.37 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in Movable Type Movable Type Premium 1.37 and earlier and Movable Type Premium Advanced 1.37 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-26T10:10:10",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.sixapart.jp/movabletype/news/2020/11/18-1101.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN94245475/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2020-5669",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Movable Type",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Movable Type Premium 1.37 and earlier and Movable Type Premium Advanced 1.37 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Six Apart Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in Movable Type Movable Type Premium 1.37 and earlier and Movable Type Premium Advanced 1.37 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.sixapart.jp/movabletype/news/2020/11/18-1101.html",
              "refsource": "MISC",
              "url": "https://www.sixapart.jp/movabletype/news/2020/11/18-1101.html"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN94245475/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN94245475/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2020-5669",
    "datePublished": "2021-10-26T10:10:10",
    "dateReserved": "2020-01-06T00:00:00",
    "dateUpdated": "2024-08-04T08:39:25.679Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-5085
Vulnerability from cvelistv5
Published
2012-04-02 18:00
Modified
2024-08-07 00:23
Severity ?
Summary
Unspecified vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to read or modify data via unknown vectors.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:23:40.017Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-2423",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2423"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.movabletype.org/2011/05/movable_type_51_and_505_436_security_update.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to read or modify data via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-17T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-2423",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2423"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.movabletype.org/2011/05/movable_type_51_and_505_436_security_update.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-5085",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to read or modify data via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-2423",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2423"
            },
            {
              "name": "http://www.movabletype.org/2011/05/movable_type_51_and_505_436_security_update.html",
              "refsource": "CONFIRM",
              "url": "http://www.movabletype.org/2011/05/movable_type_51_and_505_436_security_update.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-5085",
    "datePublished": "2012-04-02T18:00:00",
    "dateReserved": "2012-04-02T00:00:00",
    "dateUpdated": "2024-08-07T00:23:40.017Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-5742
Vulnerability from cvelistv5
Published
2017-01-23 21:00
Modified
2024-08-06 01:07
Severity ?
Summary
SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:07:59.978Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20160622 Re: CVE request: SQL injection in MovableType xml-rpc interface",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/22/5"
          },
          {
            "name": "1036160",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036160"
          },
          {
            "name": "[oss-security] 20160622 CVE request: SQL injection in MovableType xml-rpc interface",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/22/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://movabletype.org/news/2016/06/movable_type_626_and_613_released.html"
          },
          {
            "name": "[oss-security] 20160622 Re: CVE request: SQL injection in MovableType xml-rpc interface",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/22/6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-31T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20160622 Re: CVE request: SQL injection in MovableType xml-rpc interface",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/22/5"
        },
        {
          "name": "1036160",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036160"
        },
        {
          "name": "[oss-security] 20160622 CVE request: SQL injection in MovableType xml-rpc interface",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/22/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://movabletype.org/news/2016/06/movable_type_626_and_613_released.html"
        },
        {
          "name": "[oss-security] 20160622 Re: CVE request: SQL injection in MovableType xml-rpc interface",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/22/6"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-5742",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20160622 Re: CVE request: SQL injection in MovableType xml-rpc interface",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/06/22/5"
            },
            {
              "name": "1036160",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036160"
            },
            {
              "name": "[oss-security] 20160622 CVE request: SQL injection in MovableType xml-rpc interface",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/06/22/3"
            },
            {
              "name": "https://movabletype.org/news/2016/06/movable_type_626_and_613_released.html",
              "refsource": "CONFIRM",
              "url": "https://movabletype.org/news/2016/06/movable_type_626_and_613_released.html"
            },
            {
              "name": "[oss-security] 20160622 Re: CVE request: SQL injection in MovableType xml-rpc interface",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/06/22/6"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-5742",
    "datePublished": "2017-01-23T21:00:00",
    "dateReserved": "2016-06-22T00:00:00",
    "dateUpdated": "2024-08-06T01:07:59.978Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-5528
Vulnerability from cvelistv5
Published
2020-02-06 09:30
Modified
2024-08-04 08:30
Severity ?
Summary
Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and earlier (Movable Type 6.5), Movable Type Advanced 7 r.4603 and earlier (Movable Type Advanced 7), Movable Type Advanced 6.5.2 and earlier (Movable Type Advanced 6.5), Movable Type Premium 1.26 and earlier (Movable Type Premium), and Movable Type Premium Advanced 1.26 and earlier (Movable Type Premium Advanced)) allows remote attackers to inject arbitrary web script or HTML in the block editor and the rich text editor via a specially crafted URL.
Impacted products
Vendor Product Version
Six Apart Ltd Movable Type series Version: Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and earlier (Movable Type 6.5), Movable Type Advanced 7 r.4603 and earlier (Movable Type Advanced 7), Movable Type Advanced 6.5.2 and earlier (Movable Type Advanced 6.5), Movable Type Premium 1.26 and earlier (Movable Type Premium), and Movable Type Premium Advanced 1.26 and earlier (Movable Type Premium Advanced)


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:30:24.560Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://movabletype.org/news/2020/02/movable_type_r4605_v720_v653_and_v6311_released.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN94435544/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Movable Type series",
          "vendor": "Six Apart Ltd",
          "versions": [
            {
              "status": "affected",
              "version": "Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and earlier (Movable Type 6.5), Movable Type Advanced 7 r.4603 and earlier (Movable Type Advanced 7), Movable Type Advanced 6.5.2 and earlier (Movable Type Advanced 6.5), Movable Type Premium 1.26 and earlier (Movable Type Premium), and Movable Type Premium Advanced 1.26 and earlier (Movable Type Premium Advanced)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and earlier (Movable Type 6.5), Movable Type Advanced 7 r.4603 and earlier (Movable Type Advanced 7), Movable Type Advanced 6.5.2 and earlier (Movable Type Advanced 6.5), Movable Type Premium 1.26 and earlier (Movable Type Premium), and Movable Type Premium Advanced 1.26 and earlier (Movable Type Premium Advanced)) allows remote attackers to inject arbitrary web script or HTML in the block editor and the rich text editor via a specially crafted URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-06T09:30:14",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://movabletype.org/news/2020/02/movable_type_r4605_v720_v653_and_v6311_released.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://jvn.jp/en/jp/JVN94435544/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2020-5528",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Movable Type series",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and earlier (Movable Type 6.5), Movable Type Advanced 7 r.4603 and earlier (Movable Type Advanced 7), Movable Type Advanced 6.5.2 and earlier (Movable Type Advanced 6.5), Movable Type Premium 1.26 and earlier (Movable Type Premium), and Movable Type Premium Advanced 1.26 and earlier (Movable Type Premium Advanced)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Six Apart Ltd"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and earlier (Movable Type 6.5), Movable Type Advanced 7 r.4603 and earlier (Movable Type Advanced 7), Movable Type Advanced 6.5.2 and earlier (Movable Type Advanced 6.5), Movable Type Premium 1.26 and earlier (Movable Type Premium), and Movable Type Premium Advanced 1.26 and earlier (Movable Type Premium Advanced)) allows remote attackers to inject arbitrary web script or HTML in the block editor and the rich text editor via a specially crafted URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://movabletype.org/news/2020/02/movable_type_r4605_v720_v653_and_v6311_released.html",
              "refsource": "MISC",
              "url": "https://movabletype.org/news/2020/02/movable_type_r4605_v720_v653_and_v6311_released.html"
            },
            {
              "name": "http://jvn.jp/en/jp/JVN94435544/index.html",
              "refsource": "MISC",
              "url": "http://jvn.jp/en/jp/JVN94435544/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2020-5528",
    "datePublished": "2020-02-06T09:30:14",
    "dateReserved": "2020-01-06T00:00:00",
    "dateUpdated": "2024-08-04T08:30:24.560Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-5845
Vulnerability from cvelistv5
Published
2009-01-05 20:00
Modified
2024-08-07 11:04
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Six Apart Movable Type (MT) before 4.23 allow remote attackers to inject arbitrary web script or HTML via a (1) MTEntryAuthorUsername, (2) MTAuthorDisplayName, (3) MTEntryAuthorDisplayName, or (4) MTCommenterName field in a Profile View template; a (5) listing screen or (6) edit screen in the CMS app; (7) a TrackBack title, related to the HTML sanitization library; or (8) a user archive name (aka archive title) on a published Community Blog template.
References
http://jvn.jp/en/jp/JVN45658190/index.html (third-party-advisory, x_refsource_JVN)
http://www.movabletype.org/mt_423_change_log.html (x_refsource_CONFIRM)
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000031.html (third-party-advisory, x_refsource_JVNDB)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:04:44.694Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#45658190",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN45658190/index.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.movabletype.org/mt_423_change_log.html"
          },
          {
            "name": "JVNDB-2011-000031",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000031.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Six Apart Movable Type (MT) before 4.23 allow remote attackers to inject arbitrary web script or HTML via a (1) MTEntryAuthorUsername, (2) MTAuthorDisplayName, (3) MTEntryAuthorDisplayName, or (4) MTCommenterName field in a Profile View template; a (5) listing screen or (6) edit screen in the CMS app; (7) a TrackBack title, related to the HTML sanitization library; or (8) a user archive name (aka archive title) on a published Community Blog template."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-09-07T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "JVN#45658190",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN45658190/index.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.movabletype.org/mt_423_change_log.html"
        },
        {
          "name": "JVNDB-2011-000031",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000031.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5845",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Six Apart Movable Type (MT) before 4.23 allow remote attackers to inject arbitrary web script or HTML via a (1) MTEntryAuthorUsername, (2) MTAuthorDisplayName, (3) MTEntryAuthorDisplayName, or (4) MTCommenterName field in a Profile View template; a (5) listing screen or (6) edit screen in the CMS app; (7) a TrackBack title, related to the HTML sanitization library; or (8) a user archive name (aka archive title) on a published Community Blog template."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#45658190",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN45658190/index.html"
            },
            {
              "name": "http://www.movabletype.org/mt_423_change_log.html",
              "refsource": "CONFIRM",
              "url": "http://www.movabletype.org/mt_423_change_log.html"
            },
            {
              "name": "JVNDB-2011-000031",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000031.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5845",
    "datePublished": "2009-01-05T20:00:00",
    "dateReserved": "2009-01-05T00:00:00",
    "dateUpdated": "2024-08-07T11:04:44.694Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-0320
Vulnerability from cvelistv5
Published
2012-03-03 02:00
Modified
2024-08-06 18:23
Severity ?
Summary
Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote attackers to take control of sessions via unspecified vectors related to the (1) commenting feature and (2) community script.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:23:30.494Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html"
          },
          {
            "name": "JVN#20083397",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN20083397/index.html"
          },
          {
            "name": "52138",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52138"
          },
          {
            "name": "DSA-2423",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2423"
          },
          {
            "name": "1026738",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026738"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.movabletype.org/documentation/appendices/release-notes/513.html"
          },
          {
            "name": "JVNDB-2012-000018",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000018"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-02-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote attackers to take control of sessions via unspecified vectors related to the (1) commenting feature and (2) community script."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-17T19:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html"
        },
        {
          "name": "JVN#20083397",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN20083397/index.html"
        },
        {
          "name": "52138",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52138"
        },
        {
          "name": "DSA-2423",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2423"
        },
        {
          "name": "1026738",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026738"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.movabletype.org/documentation/appendices/release-notes/513.html"
        },
        {
          "name": "JVNDB-2012-000018",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000018"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2012-0320",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote attackers to take control of sessions via unspecified vectors related to the (1) commenting feature and (2) community script."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html",
              "refsource": "CONFIRM",
              "url": "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html"
            },
            {
              "name": "JVN#20083397",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN20083397/index.html"
            },
            {
              "name": "52138",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/52138"
            },
            {
              "name": "DSA-2423",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2423"
            },
            {
              "name": "1026738",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026738"
            },
            {
              "name": "http://www.movabletype.org/documentation/appendices/release-notes/513.html",
              "refsource": "CONFIRM",
              "url": "http://www.movabletype.org/documentation/appendices/release-notes/513.html"
            },
            {
              "name": "JVNDB-2012-000018",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000018"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2012-0320",
    "datePublished": "2012-03-03T02:00:00",
    "dateReserved": "2012-01-04T00:00:00",
    "dateUpdated": "2024-08-06T18:23:30.494Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-45746
Vulnerability from cvelistv5
Published
2023-10-30 04:57
Modified
2024-10-29 18:23
Summary
Cross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to inject an arbitrary script. Affected products/versions are as follows: Movable Type 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Premium 1.58 and earlier, Movable Type Premium Advanced 1.58 and earlier, Movable Type Cloud Edition (Version 7) r.5405 and earlier, and Movable Type Premium Cloud Edition 1.58 and earlier.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:29:32.220Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://movabletype.org/news/2023/10/mt-79020-released.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN39139884/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-45746",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-06T19:30:04.872226Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-29T18:23:10.383Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Movable Type 7 (Movable Type 7 Series)",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "r.5405 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Advanced 7 (Movable Type 7 Series)",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "r.5405 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Premium",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "1.58 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Premium Advanced",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "1.58 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Cloud Edition (Version 7)",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "r.5405 and earlier"
            }
          ]
        },
        {
          "product": "Movable Type Premium Cloud Edition",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "1.58 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to inject an arbitrary script. Affected products/versions are as follows: Movable Type 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Premium 1.58 and earlier, Movable Type Premium Advanced 1.58 and earlier, Movable Type Cloud Edition (Version 7) r.5405 and earlier, and Movable Type Premium Cloud Edition 1.58 and earlier."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting (XSS)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-30T04:57:43.561Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://movabletype.org/news/2023/10/mt-79020-released.html"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN39139884/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-45746",
    "datePublished": "2023-10-30T04:57:43.561Z",
    "dateReserved": "2023-10-12T05:42:52.133Z",
    "dateUpdated": "2024-10-29T18:23:10.383Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2013-01-23 01:55
Modified
2024-11-21 01:47
Severity: not rated in this listing header; the NVD record below gives a CVSS v2 base score of 7.5 (HIGH)
Summary
lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AD39A71-0B61-4319-BEE1-12CAD4B095A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "E36DD87F-F918-4BDD-98B7-41527470B838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B49D8B0-39C9-480B-9471-1846CE5A2142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "F909511A-D7B6-4033-AB99-87D6BC5741F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A200E33-641A-41B3-8EB3-E7380B686C8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "52311931-CE3A-487B-B153-4066D07F63E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "86ED3B93-8769-4A60-BAE4-C50483254905",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "703EEB4B-4747-45D5-9335-6FD5CB238F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.28:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "4A2BA875-0C6E-4AD4-9271-CB31E2B2B072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.28:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "BAAD088A-29B4-44B4-BB90-6BEF55428902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "36E48EE7-3212-406E-80AB-26B0206E97E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.29:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "59DC45AB-BF7F-4817-A0FB-E3EBCA8CB761",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.29:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "6DE4CBB7-14AE-45F4-9170-3C097844E8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4E3F7E4-FD59-49B2-96B8-EF8AFEB1E01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA5666EE-4383-417D-871F-480093A6A49D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "F273F33D-A680-4FCE-A80A-38D9BC98A7FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C23010F-2AEF-4574-A857-7F41F082F707",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ADC65FF-B4E8-4346-80DE-647BDC4A4D3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8E76C88-E486-4463-BA41-6A08ECC5E214",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "93798CD5-1099-4B6A-9303-6EFD037F5B11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "B053E3DC-BE9E-4AA5-90B6-362E4F4953C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.261:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4905997-E4CE-406D-BE0F-B5E2F87AA177",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.291:*:*:*:*:*:*:*",
              "matchCriteriaId": "45A49069-F509-4C30-BC9F-DB1FF7C39294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.291:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "B516CE7A-7751-4CE0-8E16-097058A6657D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.291:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "320C5974-DA38-443F-9BAF-C60E729D3148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.292:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7330A56-5D69-495B-B0E9-A820B70573C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.292:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "563F69FA-34DD-4BF3-9B94-D41848E13915",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.292:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "7020769D-803A-473A-8F1A-4984F870D6B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.361:*:*:*:*:*:*:*",
              "matchCriteriaId": "9951EF1D-0D13-4215-9066-C17B352E6C6F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.36:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "CD6E7E17-E69C-43C7-A9E3-1A7339B8BF68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.37:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "691C9C90-E88D-4E6F-A1DD-413FC73B9EF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.38:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "F7F06FE8-50EF-4838-B1C5-2D347AC4B4E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.361:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "85FA0AB7-78D6-42DC-83E7-9630BD8EFCD0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code."
    },
    {
      "lang": "es",
      "value": "lib/MT/Upgrade.pm en mt-upgrade.cgi en Movable Type v4.2x y v4.3x hasta v4.38 no requiere autenticaci\u00f3n para las peticiones a las funciones de migraci\u00f3n de base de datos, lo que permite a atacantes remotos llevar a cabo  inyecciones eval y ataques de inyecci\u00f3n SQL a trav\u00e9s de par\u00e1metros especialmente elaborados, como se demuestra por un ataque de inyecci\u00f3n eval contra la funci\u00f3n core_drop_meta_for_table, dando lugar a la ejecuci\u00f3n de c\u00f3digo Perl."
    }
  ],
  "id": "CVE-2013-0209",
  "lastModified": "2024-11-21T01:47:04.113",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-01-23T01:55:01.150",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://openwall.com/lists/oss-security/2013/01/22/3"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.movabletype.org/2013/01/movable_type_438_patch.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.sec-1.com/blog/?p=402"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.sec-1.com/blog/wp-content/uploads/2013/01/movabletype_upgrade_exec.rb_.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2013/01/22/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.movabletype.org/2013/01/movable_type_438_patch.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.sec-1.com/blog/?p=402"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.sec-1.com/blog/wp-content/uploads/2013/01/movabletype_upgrade_exec.rb_.txt"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-12-26 16:15
Modified
2024-11-21 04:45
Summary
Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D33BB800-5A4E-427F-982C-B60254195A76",
              "versionEndIncluding": "6.3.9",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC5AB3F2-5F5C-463B-9165-0449B3FC6155",
              "versionEndIncluding": "7.1.3",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1861BA8B-99BF-4C29-8407-09B512FDC01F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F1E1A42-6695-4E9D-BC5E-C79DAE977323",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "5CAEED13-1824-4958-98E7-62119CD41593",
              "versionEndIncluding": "1.24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:*",
              "matchCriteriaId": "A51EB193-5341-4C00-9777-7267A2E08849",
              "versionEndIncluding": "1.24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "7EE9B197-ABA5-4E2C-9CF0-94FC409C4112",
              "versionEndIncluding": "6.3.9",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "58C3552A-3617-40FC-AA89-484C51E414E2",
              "versionEndIncluding": "7.1.3",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.5.0:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "DC85493D-435C-4491-AC15-50375158F297",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.5.1:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "1727A7E1-BC1E-4E7F-8F4B-2F4CCA0837F4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de redireccionamiento abierto en la serie Movable Type Movable Type versi\u00f3n 7 r.4602 (7.1.3) y anteriores (Movable Type versi\u00f3n 7), Movable Type versiones 6.5.0 y 6.5.1 (Movable Type versi\u00f3n 6.5), Movable Type versi\u00f3n 6.3.9 y anteriores (Movable Type versiones 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced versi\u00f3n 7 r.4602 (7.1.3) y anteriores (Movable Type versi\u00f3n 7), Movable Type Advanced versiones 6.5.0 y 6.5.1 (Movable Type versi\u00f3n 6.5), Movable Type Advanced versi\u00f3n 6.3.9 y anterior (Movable Type versiones 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium versi\u00f3n 1.24 y anteriores (Movable Type Premium) y Movable Type Premium (Advanced Edici\u00f3n) versi\u00f3n 1.24 y anteriores (Movable Type Premium), permite a atacantes remotos redireccionar a usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing por medio de una URL especialmente dise\u00f1ada."
    }
  ],
  "id": "CVE-2019-6025",
  "lastModified": "2024-11-21T04:45:56.283",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-12-26T16:15:12.247",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN65280626/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN65280626/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-01-23 21:59
Modified
2024-11-21 02:54
Severity ?
Summary
SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.0:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "46EBCB79-DD24-452C-8B54-A6ADF459C46D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.0:*:*:*:pro:*:*:*",
              "matchCriteriaId": "99D6EEE2-8F5F-43D1-A9AF-DFCE59483FD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.1:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "6B1A1A8A-B47E-40F3-A07D-66AD8F2031E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.1:*:*:*:pro:*:*:*",
              "matchCriteriaId": "36435113-44FE-41C6-9EB6-DB603BB7E8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.2:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "4801F84C-004D-437A-BC4A-45915B4228A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.2:*:*:*:pro:*:*:*",
              "matchCriteriaId": "CE664558-4896-4326-BC03-973A9B4EE59D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.3:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "292405F1-4A82-4961-A4A1-F21F3AA6510D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.3:*:*:*:pro:*:*:*",
              "matchCriteriaId": "FB43E3B1-A8CA-4F16-B034-F4E9321C2423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.4:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "A485EFD7-255F-4BA2-9032-D96FB88C795B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.4:*:*:*:pro:*:*:*",
              "matchCriteriaId": "8C0B7753-6DB3-4B01-9202-1D18596A135C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.5:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "77DC2B82-8822-40AF-B8BF-0612BF3054FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.5:*:*:*:pro:*:*:*",
              "matchCriteriaId": "C27BAB0B-4489-4B2A-9251-F4F671906200",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.6:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "1FC6BA31-5FFE-4473-96EE-4BB376F073A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.6:*:*:*:pro:*:*:*",
              "matchCriteriaId": "CFEA0EB4-8666-4D07-899A-519A41AB1CD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.7:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "B60407F2-9F4C-4CE8-A2EE-CD526D5C682A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.7:*:*:*:pro:*:*:*",
              "matchCriteriaId": "A5ADA8C6-E7EF-4B00-ABBB-50854ECEDFF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.8:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "08ADF3D9-7462-4577-AA03-F5A5D3BA8C8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.8:*:*:*:pro:*:*:*",
              "matchCriteriaId": "559A24DE-EBCD-4240-86E5-AD16F6BA6F39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.1.0:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "05AADF42-D62C-4CD0-9581-4E29F3704E6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.1.0:*:*:*:pro:*:*:*",
              "matchCriteriaId": "53CA8349-8798-4A16-B13E-B72B62141B42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.1.1:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "D0A60CE1-E1BB-4020-9B46-C4FBBB18189A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.1.1:*:*:*:pro:*:*:*",
              "matchCriteriaId": "1BF4E7AD-CE6D-4F04-ABC9-286173C427B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.1.2:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "C0B57ADA-5C3D-4B1A-9361-806E1CEE20E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.1.2:*:*:*:pro:*:*:*",
              "matchCriteriaId": "FD38EA40-8ED0-4C96-BEF9-FB564C27E6FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.2.0:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "9B2AAB80-89F0-4DEC-BB2B-DB33CC98E979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.2.0:*:*:*:pro:*:*:*",
              "matchCriteriaId": "437E1348-D432-4822-9FFD-437809CB0890",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.2.2:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "F191CFFC-795D-4123-80C0-FEA01517C3E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.2.2:*:*:*:pro:*:*:*",
              "matchCriteriaId": "BC863821-142E-4B2C-BBB3-A0E34898EEA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.2.4:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "D1C039F4-5CFE-4B49-AB61-BEC853587EFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.2.4:*:*:*:pro:*:*:*",
              "matchCriteriaId": "4D86453C-13CC-4D7A-A937-D3F6E26ABD10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type_open_source:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C08602-329C-4506-BEFF-BF35BCDC7CB1",
              "versionEndIncluding": "5.2.13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en la interfaz XML-RPC en Movable Type Pro y Advanced 6.x en versiones anteriores a 6.1.3 y 6.2.x en versiones anteriores a 6.2.6 y Movable Type Open Source 5.2.13 y versiones anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2016-5742",
  "lastModified": "2024-11-21T02:54:56.133",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-01-23T21:59:01.783",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/06/22/3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/06/22/5"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/06/22/6"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1036160"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2016/06/movable_type_626_and_613_released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/06/22/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/06/22/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/06/22/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2016/06/movable_type_626_and_613_released.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-07-16 16:30
Modified
2024-11-21 01:04
Severity
MEDIUM (CVSS v2.0 base score 5.8, AV:N/AC:M/Au:N/C:P/I:P/A:N)
Summary
mt-wizard.cgi in Six Apart Movable Type before 4.261, when global templates are not initialized, allows remote attackers to bypass access restrictions and (1) send e-mail to arbitrary addresses or (2) obtain sensitive information via unspecified vectors.
Impacted products
Vendor Product Version
six_apart movable_type 1.54
six_apart movable_type 2.6
six_apart movable_type 2.63
six_apart movable_type 3.3
six_apart movable_type 3.16
six_apart movable_type 3.17
six_apart movable_type 3.32
six_apart movable_type 3.33
six_apart movable_type 3.36
six_apart movable_type 4.20
six_apart movable_type 4.20
six_apart movable_type 4.20
six_apart movable_type 4.20
six_apart movable_type 4.25
sixapart movable_type *
sixapart movable_type 1.00
sixapart movable_type 1.1
sixapart movable_type 1.2
sixapart movable_type 1.3
sixapart movable_type 1.4
sixapart movable_type 1.5
sixapart movable_type 1.31
sixapart movable_type 3.0d
sixapart movable_type 3.1
sixapart movable_type 3.01d
sixapart movable_type 3.2
sixapart movable_type 3.3
sixapart movable_type 3.11
sixapart movable_type 3.12
sixapart movable_type 3.14
sixapart movable_type 3.15
sixapart movable_type 3.16
sixapart movable_type 3.17
sixapart movable_type 3.32
sixapart movable_type 3.33
sixapart movable_type 3.34
sixapart movable_type 3.35
sixapart movable_type 4.0
sixapart movable_type 4.0
sixapart movable_type 4.01
sixapart movable_type 4.1
sixapart movable_type 4.1
sixapart movable_type 4.01
sixapart movable_type 4.01
sixapart movable_type 4.01
sixapart movable_type 4.2
sixapart movable_type 4.2
sixapart movable_type 4.2
sixapart movable_type 4.12
sixapart movable_type 4.12
sixapart movable_type 4.21
sixapart movable_type 4.21
sixapart movable_type 4.21
sixapart movable_type 4.23
sixapart movable_type 4.23
sixapart movable_type 4.23
sixapart movable_type 4.25



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:1.54:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "56106A34-006E-4B73-B6C6-3F36E9C2A355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1731B0E-71C0-4650-BFBF-1FB3865EAE76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:2.63:*:*:*:*:*:*:*",
              "matchCriteriaId": "C057E938-243B-4BEE-BF38-F3334A2B9275",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE37614D-A959-4B4A-BF2E-9F3C1072BA20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C1542C3-E6CD-4CF6-9F1D-E8E58F2A11E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:3.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "47F63E3A-019C-431C-A155-1CD6E42FA485",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:3.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "13132B94-C271-46F7-9450-FBA1FCBB914E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:3.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "B584BED2-F630-4A5B-8FE9-29BBE9517214",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:3.36:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "14FCDA0F-2562-4B58-BF3A-F908AFABC557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:4.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "C55BC3C3-83AB-452C-AC2D-A53B3E0C3473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:4.20:*:community_solution:*:*:*:*:*",
              "matchCriteriaId": "C4EFB50C-CC9C-46EC-92C3-A581684354E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:4.20:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "E7FEAC67-FA0C-49AE-9AEB-B1E68FB54C8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:4.20:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "321A94B3-CDAC-4793-9660-CDCDC614EBAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:4.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDDB2948-C902-43FC-9D2E-7EA3775F5A50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "230918F1-5CCE-4A03-ABFD-5EF0BC59DF32",
              "versionEndIncluding": "4.26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:1.00:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "B1A33E50-6BFD-418F-9F3E-B42C013AA0F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:1.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "DC0F1B54-554E-45C7-8943-A73086C88385",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:1.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "A56CDA00-DC8E-4042-A882-FB6D7D2F43B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:1.3:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "1C8F4F3A-9942-4263-BC42-CDCDACDFF2E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:1.4:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "38626110-81A0-4C99-AB8F-D77FDF662887",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:1.5:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "5212ADBE-9F50-4EAB-AC28-91314AA24595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:1.31:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3542C36E-E457-46DD-A5F7-BD22E16F1C46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.0d:*:*:*:*:*:*:*",
              "matchCriteriaId": "461319CC-BCDC-4E24-B384-1EEC8B7C4596",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "967DAF27-D561-4FDB-A65C-788551871E5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.01d:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD460D1D-5971-491E-863A-D230A0B28ED4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BC178AF-FAF7-49E2-8AE7-1858BD67F44B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CEA1C54-4636-44B1-B620-85F0D870797E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1819A7A1-366A-4168-AE0E-4CE1FF0D3E3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9F743E8-72E9-4AEB-B137-A61EB67B8FF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE92182C-5BBE-4FCD-959B-E95630D16E17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "99E9BE91-D42E-4523-A48E-E7B4FBE7A924",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C5935CA-FDE2-4300-8091-DBD0DC4D2081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF080128-CC7C-4F71-9268-B7691D54F358",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "4783C1BD-B2BA-4D86-A61D-3EB2396DE1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "50782308-93FA-4F8F-93FB-4A4E55D95360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5C968A9-F07A-4C99-B4A5-434E96DDB928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9CD9174-EE47-40B8-8F49-81EAD89267D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:-:community_solution:*:*:*:*:*",
              "matchCriteriaId": "B4FEB07E-4D70-4A24-822E-E4689CB8C9CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:-:pro:*:*:*:*:*",
              "matchCriteriaId": "59457028-2EA4-472F-A76F-EF867F48937F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.01:-:community_solution:*:*:*:*:*",
              "matchCriteriaId": "ABE24C88-6062-4A36-9852-D9EC818EEA0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.1:-:community_solution:*:*:*:*:*",
              "matchCriteriaId": "11C793FA-AE7C-430F-B537-19B788D9BC6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.1:-:pro:*:*:*:*:*",
              "matchCriteriaId": "F80A607A-66A8-4995-A396-5487B8E3029C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.01:-:pro:*:*:*:*:*",
              "matchCriteriaId": "C3C21088-A9A5-4CE2-B4D7-8BC48DB84540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.01:b:community_solution:*:*:*:*:*",
              "matchCriteriaId": "C1DCAD70-9FFF-4950-875D-586937E93473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.01:b:pro:*:*:*:*:*",
              "matchCriteriaId": "395B9CE4-EA3A-42A1-AD37-6487911E10D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "56195FCE-D933-40C6-A6A3-6AC8CFECA5DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.2:-:community_solution:*:*:*:*:*",
              "matchCriteriaId": "448081A9-A8C9-4FEC-879B-7FA11997B4D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.2:-:pro:*:*:*:*:*",
              "matchCriteriaId": "E7538776-B7B2-4912-BFE3-E7A1033F41E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.12:-:community_solution:*:*:*:*:*",
              "matchCriteriaId": "F33F4F69-D670-4698-84C6-EDD9D78F2D9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.12:-:pro:*:*:*:*:*",
              "matchCriteriaId": "1E481C6C-F6EF-4E7D-8DAF-F68407DE6501",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AD39A71-0B61-4319-BEE1-12CAD4B095A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.21:-:community_solution:*:*:*:*:*",
              "matchCriteriaId": "23B5D056-BC56-4851-8E76-7E22C911EEFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.21:-:pro:*:*:*:*:*",
              "matchCriteriaId": "CA9BC769-BE45-42EC-8E35-02E6B216D6E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B49D8B0-39C9-480B-9471-1846CE5A2142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.23:-:community_solution:*:*:*:*:*",
              "matchCriteriaId": "9A1B400B-FEC9-416B-89F2-C96B1BE11BF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.23:-:pro:*:*:*:*:*",
              "matchCriteriaId": "1458F0E9-6AF1-44C6-B0EC-7BCF314B0038",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A200E33-641A-41B3-8EB3-E7380B686C8C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "mt-wizard.cgi in Six Apart Movable Type before 4.261, when global templates are not initialized, allows remote attackers to bypass access restrictions and (1) send e-mail to arbitrary addresses or (2) obtain sensitive information via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "El archivo mt-wizard.cgi en Movable Type de Six Apart  anterior a versi\u00f3n 4.261, cuando las plantillas globales no se inicializan, permite a los atacantes remotos omitir las restricciones de acceso y (1) enviar correo electr\u00f3nico a direcciones arbitrarias o (2) obtener informaci\u00f3n confidencial por medio de vectores no especificados."
    }
  ],
  "id": "CVE-2009-2481",
  "lastModified": "2024-11-21T01:04:58.773",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-07-16T16:30:00.420",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://jvn.jp/en/jp/JVN08369659/index.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000043.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35534"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/35471"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1668"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51330"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvn.jp/en/jp/JVN08369659/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000043.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35534"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/35471"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1668"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51330"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        },
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-12-07 04:15
Modified
2024-11-21 07:28
Summary
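An improper validation of syntactic correctness of input vulnerability exists in the Movable Type series. If a user is induced to access a specially crafted URL, a remote unauthenticated attacker may be able to set a specially crafted URL on the Reset Password page and conduct a phishing attack. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier. Note that the CPE match criteria in the record below use "versionEndExcluding": "6.8.7" for the 6 series, whereas this description lists 6.8.7 itself as affected and the referenced vendor release note URL appears to name 7.9.6 and 6.8.8 as the fixed releases; CPE-based matching may therefore not flag a 6.8.7 installation, so verify the installed version against the vendor advisory rather than relying on the CPE range alone.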



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:*",
              "matchCriteriaId": "4EBDEEB4-E2A9-4D7B-AAFF-8657E9708A24",
              "versionEndIncluding": "1.53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium_advanced:*:*:*",
              "matchCriteriaId": "7A3C1F5D-755D-4FC4-975D-314C602BE0D4",
              "versionEndIncluding": "1.53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "F9375A34-27A6-4597-8F7B-14BF40DC8B7E",
              "versionEndExcluding": "6.8.7",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "B43BD207-E293-4617-B1C7-5EE7F095BFDE",
              "versionEndExcluding": "6.8.7",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "7EBB4183-9E9B-4686-9692-0223FAA34019",
              "versionEndExcluding": "7.9.6",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "123C8E47-C983-401D-A081-033E94E112D0",
              "versionEndExcluding": "7.9.6",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper validation of syntactic correctness of input vulnerability exist in Movable Type series. Having a user to access a specially crafted URL may allow a remote unauthenticated attacker to set a specially crafted URL to the Reset Password page and conduct a phishing attack. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier."
    },
    {
      "lang": "es",
      "value": "Existe una validaci\u00f3n inadecuada de la correcci\u00f3n sint\u00e1ctica de la vulnerabilidad de entrada en la serie Movable Type. Hacer que un usuario acceda a una URL especialmente manipulada puede permitir que un atacante remoto no autenticado establezca una URL especialmente manipulada para la p\u00e1gina Restablecer contrase\u00f1a y realice un ataque de phishing. Los productos/versiones afectados son los siguientes: Movable Type 7 r.5301 y anteriores (Serie Movable Type 7), Movable Type Advanced 7 r.5301 y anteriores (Serie Movable Type Advanced 7), Movable Type 6.8.7 y anteriores (Movable Type 6), Movable Type Advanced 6.8.7 y anteriores (Movable Type Advanced 6 Series), Movable Type Premium 1.53 y anteriores, y Movable Type Premium Advanced 1.53 y anteriores."
    }
  ],
  "id": "CVE-2022-45113",
  "lastModified": "2024-11-21T07:28:47.780",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-12-07T04:15:11.233",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN37014768/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2022/11/mt-796-688-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN37014768/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2022/11/mt-796-688-released.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-10-26 11:15
Modified
2024-11-21 05:34
Summary
Cross-site scripting vulnerability in Movable Type (Movable Type Premium 1.37 and earlier and Movable Type Premium Advanced 1.37 and earlier) allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
Impacted products
Vendor Product Version
sixapart movable_type *
sixapart movable_type *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:*",
              "matchCriteriaId": "88B54728-D87B-49E8-9874-AF6A82BD1718",
              "versionEndIncluding": "1.37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium_advanced:*:*:*",
              "matchCriteriaId": "2CA49FE5-DDA0-4C2F-8FEC-5672E2218DCC",
              "versionEndIncluding": "1.37",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting vulnerability in Movable Type (Movable Type Premium 1.37 and earlier and Movable Type Premium Advanced 1.37 and earlier) allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "La vulnerabilidad de tipo cross-site scripting en Movable Type Movable Type Premium versiones 1.37 y anteriores y Movable Type Premium Advanced versiones 1.37 y anteriores, permite a un atacante remoto autenticado inyectar un script arbitrario por medio de vectores no especificados"
    }
  ],
  "id": "CVE-2020-5669",
  "lastModified": "2024-11-21T05:34:27.337",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-26T11:15:07.550",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN94245475/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.sixapart.jp/movabletype/news/2020/11/18-1101.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN94245475/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.sixapart.jp/movabletype/news/2020/11/18-1101.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-08-26 02:15
Modified
2024-11-21 05:47
Summary
Cross-site scripting vulnerability in Setting screen of ContentType Information Widget Plugin of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), and Movable Type Premium 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:*",
              "matchCriteriaId": "9ED3A1ED-558E-4783-8BCA-47BB68E92D9D",
              "versionEndIncluding": "1.44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "D37106C9-92CD-44A8-A80B-57754207AE80",
              "versionEndExcluding": "7.8.0",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "5CA5A16F-B42D-4DC7-B9A0-5CA49B05DA7B",
              "versionEndExcluding": "7.8.0",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting vulnerability in Setting screen of ContentType Information Widget Plugin of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), and Movable Type Premium 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo cross-site scripting en la pantalla Setting del plugin ContentType Information Widget de Movable Type (Movable Type versiones 7 r.4903 y anteriores (Movable Type 7 Series), Movable Type Advanced 7 versiones r.4903 y anteriores (Movable Type Advanced 7 Series), y Movable Type Premium versiones 1.44 y anteriores), permite a atacantes remotos inyectar script arbitrario o HTML por medio de vectores no especificados."
    }
  ],
  "id": "CVE-2021-20814",
  "lastModified": "2024-11-21T05:47:14.023",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-08-26T02:15:11.743",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-08-26 02:15
Modified
2024-11-21 05:47
Summary
Cross-site scripting vulnerability in Website Management screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:*",
              "matchCriteriaId": "9ED3A1ED-558E-4783-8BCA-47BB68E92D9D",
              "versionEndIncluding": "1.44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium_advanced:*:*:*",
              "matchCriteriaId": "69B0E270-7BF7-4B9F-974B-B71B11788D5E",
              "versionEndIncluding": "1.44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "7BA76A65-0518-40F0-AE15-4EE416911E27",
              "versionEndIncluding": "6.8.0",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "D37106C9-92CD-44A8-A80B-57754207AE80",
              "versionEndExcluding": "7.8.0",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "5CA5A16F-B42D-4DC7-B9A0-5CA49B05DA7B",
              "versionEndExcluding": "7.8.0",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting vulnerability in Website Management screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo cross-site scripting en la pantalla de administraci\u00f3n de sitios web de Movable Type (Movable Type 7 versiones r.4903 y anteriores (Movable Type 7 Series), Movable Type versiones 6.8.0 y anteriores (Movable Type 6 Series), Movable Type Advanced 7 versiones r.4903 y anteriores (Movable Type Advanced 7 Series), Movable Type Premium versiones 1.44 y anteriores, y Movable Type Premium Advanced versiones 1.44 y anteriores), permite a atacantes remotos inyectar script arbitrario o HTML por medio de vectores no especificados."
    }
  ],
  "id": "CVE-2021-20810",
  "lastModified": "2024-11-21T05:47:13.620",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-08-26T02:15:11.447",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-02-06 10:15
Modified
2024-11-21 05:34
Summary
Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and earlier (Movable Type 6.5), Movable Type Advanced 7 r.4603 and earlier (Movable Type Advanced 7), Movable Type Advanced 6.5.2 and earlier (Movable Type Advanced 6.5), Movable Type Premium 1.26 and earlier (Movable Type Premium), and Movable Type Premium Advanced 1.26 and earlier (Movable Type Premium Advanced)) allows remote attackers to inject arbitrary web script or HTML in the block editor and the rich text editor via a specially crafted URL.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A127E92-0F29-4986-A485-B9B63A7D496A",
              "versionEndIncluding": "6.5.2",
              "versionStartIncluding": "6.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2523B973-E368-4E22-90FB-C903E6F7E977",
              "versionEndIncluding": "7.1.4",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "BD2C1B91-06A2-458B-9317-ECACC6485FBA",
              "versionEndIncluding": "1.26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:*",
              "matchCriteriaId": "B4CB4E67-8AC6-4307-93FC-FED5CEF566C5",
              "versionEndIncluding": "1.26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "8A980D28-58E5-44C1-84F5-29991C94A6DA",
              "versionEndIncluding": "6.5.2",
              "versionStartIncluding": "6.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "F342861D-95E9-4DF8-9E85-29F01D7D1EDB",
              "versionEndIncluding": "7.1.4",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and earlier (Movable Type 6.5), Movable Type Advanced 7 r.4603 and earlier (Movable Type Advanced 7), Movable Type Advanced 6.5.2 and earlier (Movable Type Advanced 6.5), Movable Type Premium 1.26 and earlier (Movable Type Premium), and Movable Type Premium Advanced 1.26 and earlier (Movable Type Premium Advanced)) allows remote attackers to inject arbitrary web script or HTML in the block editor and the rich text editor via a specially crafted URL."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de tipo cross-site scripting en la serie Movable Type (Movable Type 7 versiones r.4603 y anteriores (Movable Type 7), Movable Type versiones 6.5.2 y anteriores (Movable Type 6.5), Movable Type Advanced 7 versiones r.4603 y anteriores (Movable Type Advanced 7), Movable Type Advanced versiones 6.5.2 y anteriores (Movable Type Advanced 6.5), Movable Type Premium versiones 1.26 y anteriores (Movable Type Premium) y Movable Type Premium Advanced versiones 1.26 y anteriores (Movable Type Premium Advanced)), permite a atacantes remotos inyectar script web o HTML arbitrario en el editor de bloques y el editor de texto enriquecido por medio de una URL especialmente dise\u00f1ada."
    }
  ],
  "id": "CVE-2020-5528",
  "lastModified": "2024-11-21T05:34:13.180",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-02-06T10:15:11.570",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN94435544/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://movabletype.org/news/2020/02/movable_type_r4605_v720_v653_and_v6311_released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN94435544/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://movabletype.org/news/2020/02/movable_type_r4605_v720_v653_and_v6311_released.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-03-03 04:04
Modified
2024-11-21 01:34
Severity ?
Summary
Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote attackers to take control of sessions via unspecified vectors related to the (1) commenting feature and (2) community script.
Impacted products
Vendor Product Version
sixapart movable_type *
sixapart movable_type 4.28
sixapart movable_type 4.29
sixapart movable_type 4.36
sixapart movable_type 4.291
sixapart movable_type 4.292
sixapart movable_type 4.361
sixapart movable_type 5.0
sixapart movable_type 5.01
sixapart movable_type 5.1
sixapart movable_type 5.02
sixapart movable_type 5.04
sixapart movable_type 5.05
sixapart movable_type 5.06
sixapart movable_type 5.11
sixapart movable_type 5.12
sixapart movable_type 5.051
sixapart movable_type *
sixapart movable_type 4.28
sixapart movable_type 4.29
sixapart movable_type 4.291
sixapart movable_type 5.1
sixapart movable_type 5.02
sixapart movable_type 5.04
sixapart movable_type 5.05
sixapart movable_type 5.06
sixapart movable_type 5.11
sixapart movable_type 5.12
sixapart movable_type 5.051
sixapart movable_type 4.0
sixapart movable_type 4.0
sixapart movable_type 4.0
sixapart movable_type 4.0
sixapart movable_type 4.0
sixapart movable_type 4.0
sixapart movable_type 4.0
sixapart movable_type 4.0
sixapart movable_type 4.0
sixapart movable_type 4.0
sixapart movable_type 4.0
sixapart movable_type 4.1
sixapart movable_type 4.1
sixapart movable_type 4.1
sixapart movable_type 4.2
sixapart movable_type 4.2
sixapart movable_type 4.2
sixapart movable_type 4.2
sixapart movable_type 4.12
sixapart movable_type 4.15
sixapart movable_type 4.15
sixapart movable_type 4.15
sixapart movable_type 4.22
sixapart movable_type 4.23
sixapart movable_type 4.24
sixapart movable_type 4.25
sixapart movable_type 4.26
sixapart movable_type 4.27
sixapart movable_type 4.28
sixapart movable_type 4.29
sixapart movable_type 4.35
sixapart movable_type 4.36
sixapart movable_type 4.37
sixapart movable_type 4.261
sixapart movable_type 4.291
sixapart movable_type 4.292
sixapart movable_type 4.361
sixapart movable_type 5.0
sixapart movable_type 5.0
sixapart movable_type 5.0
sixapart movable_type 5.0
sixapart movable_type 5.0
sixapart movable_type 5.0
sixapart movable_type 5.0
sixapart movable_type 5.0
sixapart movable_type 5.01
sixapart movable_type 5.1
sixapart movable_type 5.1
sixapart movable_type 5.02
sixapart movable_type 5.03
sixapart movable_type 5.04
sixapart movable_type 5.05
sixapart movable_type 5.06
sixapart movable_type 5.07
sixapart movable_type 5.11
sixapart movable_type 5.12
sixapart movable_type 5.031
sixapart movable_type 5.051



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "8F2D1316-CAC7-4E50-A76A-03636377785A",
              "versionEndIncluding": "4.37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.28:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "BAAD088A-29B4-44B4-BB90-6BEF55428902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.29:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "6DE4CBB7-14AE-45F4-9170-3C097844E8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.36:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "CD6E7E17-E69C-43C7-A9E3-1A7339B8BF68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.291:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "320C5974-DA38-443F-9BAF-C60E729D3148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.292:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "7020769D-803A-473A-8F1A-4984F870D6B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.361:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "85FA0AB7-78D6-42DC-83E7-9630BD8EFCD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.0:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "A8EF53B9-7E86-40D5-AD18-35B09BD346D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.01:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "46CDB676-CD09-44C4-9E49-0BC32F5EA49A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.1:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "E7179FE9-17D8-48BD-B3EC-A29D4C603A89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.02:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "941F8723-0838-42B9-825B-C85FF01CC35A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.04:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "9733B5E7-7A7E-48D6-9F80-7AF9DFDBD76A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.05:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "A82BFEF5-275A-45E6-B42B-1FB22E278A27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.06:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "2433941D-2DC2-4155-93F7-282AD4272334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.11:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "EF917586-EF61-4E4B-8739-5EDF18CCB364",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.12:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "50529598-338F-4077-ABBF-7CE00E8E7FCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.051:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "D9C1C42D-7BC2-428F-B9CB-4BAE2D8E0E5C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "2FB744CC-02DF-46F6-A524-27DBBB3C33BF",
              "versionEndIncluding": "4.292",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.28:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "4A2BA875-0C6E-4AD4-9271-CB31E2B2B072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.29:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "59DC45AB-BF7F-4817-A0FB-E3EBCA8CB761",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.291:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "B516CE7A-7751-4CE0-8E16-097058A6657D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.1:*:advanced:*:*:*:*:*",
              "matchCriteriaId": "4495F904-41A1-4915-A26D-47DA07F17D74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.02:*:advanced:*:*:*:*:*",
              "matchCriteriaId": "4D930A60-15BE-43E9-9B76-D0723D9B1E23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.04:*:advanced:*:*:*:*:*",
              "matchCriteriaId": "0006333C-7916-4BB3-8698-EE48D62AE67C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.05:*:advanced:*:*:*:*:*",
              "matchCriteriaId": "2F400986-9A21-4C5C-95A7-F5F61D199CC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.06:*:advanced:*:*:*:*:*",
              "matchCriteriaId": "9AAB067E-EF83-4528-A0A4-06821CAEE687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.11:*:advanced:*:*:*:*:*",
              "matchCriteriaId": "E0A5BFC0-6F5C-48B5-BA97-9D7CA292DB8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.12:*:advanced:*:*:*:*:*",
              "matchCriteriaId": "3EAC6A53-748D-4CB8-A0BB-AE19B23D1812",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.051:*:advanced:*:*:*:*:*",
              "matchCriteriaId": "4E616E4E-6D78-4931-9233-3EED49B1B6AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CA6D5B7-BB96-46A9-AD07-F4F744657396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "8342D067-1B16-463D-838B-D16EF7DDCCBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "91A91FDA-16BD-40A3-A055-1F9F61BC90A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "A22E7F1C-19D3-4C72-8EC7-E968FDEDA780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "1B8D3280-D97B-47C9-8737-8DABCA53C290",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "3089827B-7A32-4EA4-93EC-63B80FF5E690",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "A929B42C-7C65-4D62-B418-EEEF0C3D0E36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:beta7:*:*:*:*:*:*",
              "matchCriteriaId": "10D3CF75-84DE-412A-BB7C-1A9889B06D16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "2CF07C91-FF25-46AC-B42A-DD6D0F72238E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F0C879EF-5E16-49D4-9A6E-21C44C041D42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "403A8118-6AFE-4A25-882E-1928B489C80F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.1:beta:*:*:*:*:*:*",
              "matchCriteriaId": "E38527C3-2E6F-4B9A-AF59-39AC2C3F7E9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.1:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "D197DDAE-00ED-47D5-9F6A-6E15EAE56755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C628DCF9-7F07-447F-9F1F-636D431BBD18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "56195FCE-D933-40C6-A6A3-6AC8CFECA5DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.2:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0B18D123-7449-489B-B3EC-0A72B879D92D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.2:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "BD8B70C3-003A-4768-B2B4-486688952BCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.2:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "69CAACDD-2304-4F1B-AD36-5F3B06A87551",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFB18069-B21A-4663-93B2-F055A9D7D78D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.15:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "F249491D-31C3-47D9-97B4-84C53E8C90E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.15:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "5BBCAE47-DEB7-41F4-B21E-8E77AA76483A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.15:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "4A2B6514-6F27-454A-9CF9-F198438E4B22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "E36DD87F-F918-4BDD-98B7-41527470B838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B49D8B0-39C9-480B-9471-1846CE5A2142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "F909511A-D7B6-4033-AB99-87D6BC5741F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A200E33-641A-41B3-8EB3-E7380B686C8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "52311931-CE3A-487B-B153-4066D07F63E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "86ED3B93-8769-4A60-BAE4-C50483254905",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "703EEB4B-4747-45D5-9335-6FD5CB238F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "36E48EE7-3212-406E-80AB-26B0206E97E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ADC65FF-B4E8-4346-80DE-647BDC4A4D3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8E76C88-E486-4463-BA41-6A08ECC5E214",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "93798CD5-1099-4B6A-9303-6EFD037F5B11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.261:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4905997-E4CE-406D-BE0F-B5E2F87AA177",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.291:*:*:*:*:*:*:*",
              "matchCriteriaId": "45A49069-F509-4C30-BC9F-DB1FF7C39294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.292:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7330A56-5D69-495B-B0E9-A820B70573C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.361:*:*:*:*:*:*:*",
              "matchCriteriaId": "9951EF1D-0D13-4215-9066-C17B352E6C6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F978B3B9-8300-45A7-BDBD-13C504A1BCCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "2C0E810B-453A-4C22-A8AF-C8DC83104A56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "DF2F85C7-77AA-4431-8017-7EE66D2216CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "944DAD7F-2A51-4641-AFE9-5CB6AB957923",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "45E04B8D-6F13-4D7C-9D99-70718EF82BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "941AF9C9-341E-4820-8B1C-5D8C5B19861A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0AB08B1C-C527-4D51-932B-7DAC8D507F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "246D565F-5260-4F5E-B766-95BADF16BC59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "59407222-BBBB-468A-8604-A50ED9F40048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.1:beta:*:*:*:*:*:*",
              "matchCriteriaId": "FA6CA4D7-E19C-4783-88AC-8F32F2588AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8790230-BE95-496F-8212-284125FF6376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF488003-44FA-48F4-8F5A-46B46523E175",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B0A9628-B04F-492D-8158-DE95980CE4E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "D910C9B1-15D1-4E8F-8901-25063D26DC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0627468-9A42-4793-8E20-F22BD433FBAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "995A2AAB-E9C5-4B23-8230-D04F15097909",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8ECAE19-F294-48D8-BD97-B4E01C054E3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE116A08-FD4A-4BC1-A79A-513648931D4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E704381-8161-4795-A7F5-9E4D8B006C92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.031:*:*:*:*:*:*:*",
              "matchCriteriaId": "98DC35B2-E679-4049-8A2B-CE2C6F7E6E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.051:*:*:*:*:*:*:*",
              "matchCriteriaId": "48B948EF-0687-4C14-A8AD-9A3B5E055A1F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote attackers to take control of sessions via unspecified vectors related to the (1) commenting feature and (2) community script."
    },
    {
      "lang": "es",
      "value": "Movable Type anteriores a 4.38, 5.0x anteriores a 5.07, y 5.1x anteriores a 5.13 permite a atacantes remotos controlar las sesiones a trav\u00e9s de vectores sin especificar relacionados con (1) la caracter\u00edstica \"commenting\" (2) y \"community script\"."
    }
  ],
  "id": "CVE-2012-0320",
  "lastModified": "2024-11-21T01:34:47.657",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-03-03T04:04:57.750",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://jvn.jp/en/jp/JVN20083397/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000018"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://www.debian.org/security/2012/dsa-2423"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.movabletype.org/documentation/appendices/release-notes/513.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://www.securityfocus.com/bid/52138"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://www.securitytracker.com/id?1026738"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvn.jp/en/jp/JVN20083397/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000018"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.movabletype.org/documentation/appendices/release-notes/513.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/52138"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1026738"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-08-29 13:55
Modified
2024-11-21 01:37
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section.
Impacted products
Vendor Product Version
sixapart movable_type 5.13



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.13:*:*:*:professional:*:*:*",
              "matchCriteriaId": "D9B61408-0A60-44F5-B0C3-E798556B9684",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en Six Apart (anteriormente Six Apart KK) Movable Type (MT) Pro 5.13 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de la secci\u00f3n de comentarios."
    }
  ],
  "id": "CVE-2012-1503",
  "lastModified": "2024-11-21T01:37:06.930",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-08-29T13:55:04.207",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/show/osvdb/86729"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.org/files/117564/Movable-Type-Pro-5.13en-Cross-Site-Scripting.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.cloudscan.me/2012/10/cve-2012-1503-movable-type-pro-513en.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/22151"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/56160"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79521"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/show/osvdb/86729"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.org/files/117564/Movable-Type-Pro-5.13en-Cross-Site-Scripting.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.cloudscan.me/2012/10/cve-2012-1503-movable-type-pro-513en.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/22151"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/56160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79521"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-12-07 04:15
Modified
2024-11-21 07:26
Summary
Improper neutralization of Server-Side Includes (SSI) within a web page in Movable Type series allows a remote authenticated attacker with the 'Manage of Content Types' privilege to execute an arbitrary Perl script and/or an arbitrary OS command. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:*",
              "matchCriteriaId": "4EBDEEB4-E2A9-4D7B-AAFF-8657E9708A24",
              "versionEndIncluding": "1.53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium_advanced:*:*:*",
              "matchCriteriaId": "7A3C1F5D-755D-4FC4-975D-314C602BE0D4",
              "versionEndIncluding": "1.53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "7EBB4183-9E9B-4686-9692-0223FAA34019",
              "versionEndExcluding": "7.9.6",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "123C8E47-C983-401D-A081-033E94E112D0",
              "versionEndExcluding": "7.9.6",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper neutralization of Server-Side Includes (SSW) within a web page in Movable Type series allows a remote authenticated attacker with Privilege of \u0027Manage of Content Types\u0027 may execute an arbitrary Perl script and/or an arbitrary OS command. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier."
    },
    {
      "lang": "es",
      "value": "La neutralizaci\u00f3n incorrecta de Server-Side Includes (SSW) dentro de una p\u00e1gina web de la serie Movable Type permite que un atacante remoto autenticado con el privilegio de \u0027Administrar tipos de contenido\u0027 pueda ejecutar un script Perl arbitrario y/o un comando del sistema operativo arbitrario. Los productos/versiones afectados son los siguientes: Movable Type 7 r.5301 y anteriores (Serie Movable Type 7), Movable Type Advanced 7 r.5301 y anteriores (Serie Movable Type Advanced 7), Movable Type Premium 1.53 y anteriores, y Movable Type Premium Avanzado 1.53 y anteriores."
    }
  ],
  "id": "CVE-2022-43660",
  "lastModified": "2024-11-21T07:26:59.477",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-12-07T04:15:10.900",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN37014768/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2022/11/mt-796-688-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN37014768/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2022/11/mt-796-688-released.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-01-05 20:30
Modified
2024-11-21 00:55
Severity ?
Summary
Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for posts to bypass intended access restrictions and publish posts via a "system-wide entry listing screen."



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBD43712-58DD-4A34-848B-13EC14159785",
              "versionEndIncluding": "4.21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.0d:*:*:*:*:*:*:*",
              "matchCriteriaId": "461319CC-BCDC-4E24-B384-1EEC8B7C4596",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "967DAF27-D561-4FDB-A65C-788551871E5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.01d:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD460D1D-5971-491E-863A-D230A0B28ED4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BC178AF-FAF7-49E2-8AE7-1858BD67F44B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CEA1C54-4636-44B1-B620-85F0D870797E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1819A7A1-366A-4168-AE0E-4CE1FF0D3E3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9F743E8-72E9-4AEB-B137-A61EB67B8FF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE92182C-5BBE-4FCD-959B-E95630D16E17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "99E9BE91-D42E-4523-A48E-E7B4FBE7A924",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C5935CA-FDE2-4300-8091-DBD0DC4D2081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF080128-CC7C-4F71-9268-B7691D54F358",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "4783C1BD-B2BA-4D86-A61D-3EB2396DE1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "50782308-93FA-4F8F-93FB-4A4E55D95360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5C968A9-F07A-4C99-B4A5-434E96DDB928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9CD9174-EE47-40B8-8F49-81EAD89267D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "56195FCE-D933-40C6-A6A3-6AC8CFECA5DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for posts to bypass intended access restrictions and publish posts via a \"system-wide entry listing screen.\""
    },
    {
      "lang": "es",
      "value": "Six Apart Movable Type (MT) anterior a v4.23 permite a usuarios remotos autenticados con permiso para crear entradas evitar las restricciones de acceso previstas y publicar entradas a trav\u00e9s de una \"system-wide entry listing screen\"."
    }
  ],
  "id": "CVE-2008-5846",
  "lastModified": "2024-11-21T00:55:01.430",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-01-05T20:30:02.343",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.movabletype.org/mt_423_change_log.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/33133"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47759"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.movabletype.org/mt_423_change_log.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/33133"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47759"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-03-03 00:30
Modified
2024-11-21 01:00
Summary
Unspecified vulnerability in Movable Type Pro and Community Solution 4.x before 4.24 has unknown impact and attack vectors, possibly related to the password recovery mechanism.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:-:community_solution:*:*:*:*:*",
              "matchCriteriaId": "B4FEB07E-4D70-4A24-822E-E4689CB8C9CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:-:pro:*:*:*:*:*",
              "matchCriteriaId": "59457028-2EA4-472F-A76F-EF867F48937F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.01:-:community_solution:*:*:*:*:*",
              "matchCriteriaId": "ABE24C88-6062-4A36-9852-D9EC818EEA0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.1:-:community_solution:*:*:*:*:*",
              "matchCriteriaId": "11C793FA-AE7C-430F-B537-19B788D9BC6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.1:-:pro:*:*:*:*:*",
              "matchCriteriaId": "F80A607A-66A8-4995-A396-5487B8E3029C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.01:-:pro:*:*:*:*:*",
              "matchCriteriaId": "C3C21088-A9A5-4CE2-B4D7-8BC48DB84540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.01:b:community_solution:*:*:*:*:*",
              "matchCriteriaId": "C1DCAD70-9FFF-4950-875D-586937E93473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.01:b:pro:*:*:*:*:*",
              "matchCriteriaId": "395B9CE4-EA3A-42A1-AD37-6487911E10D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.2:-:community_solution:*:*:*:*:*",
              "matchCriteriaId": "448081A9-A8C9-4FEC-879B-7FA11997B4D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.2:-:pro:*:*:*:*:*",
              "matchCriteriaId": "E7538776-B7B2-4912-BFE3-E7A1033F41E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.12:-:community_solution:*:*:*:*:*",
              "matchCriteriaId": "F33F4F69-D670-4698-84C6-EDD9D78F2D9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.12:-:pro:*:*:*:*:*",
              "matchCriteriaId": "1E481C6C-F6EF-4E7D-8DAF-F68407DE6501",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.21:-:community_solution:*:*:*:*:*",
              "matchCriteriaId": "23B5D056-BC56-4851-8E76-7E22C911EEFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.21:-:pro:*:*:*:*:*",
              "matchCriteriaId": "CA9BC769-BE45-42EC-8E35-02E6B216D6E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.23:-:community_solution:*:*:*:*:*",
              "matchCriteriaId": "9A1B400B-FEC9-416B-89F2-C96B1BE11BF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.23:-:pro:*:*:*:*:*",
              "matchCriteriaId": "1458F0E9-6AF1-44C6-B0EC-7BCF314B0038",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Movable Type Pro and Community Solution 4.x before 4.24 has unknown impact and attack vectors, possibly related to the password recovery mechanism."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad sin especificar en Movable Type Pro y Community Solution v4.x anteriores a v4.24 cuyo impacto y vectores de ataque se desconocen, pero que, posiblemente, est\u00e9n relacionados con el mecanismo de recuperaci\u00f3n de contrase\u00f1as."
    }
  ],
  "id": "CVE-2009-0752",
  "lastModified": "2024-11-21T01:00:50.290",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-03-03T00:30:00.267",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.movabletype.com/blog/2009/02/movable-type-424-get-updated-with-better-password-recovery.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.movabletype.com/blog/2009/02/movable-type-424-get-updated-with-better-password-recovery.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-12-16 18:59
Modified
2024-11-21 02:20
Summary
SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B49FB7A9-A9F2-42C3-9CAE-8858871083DC",
              "versionEndIncluding": "5.17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EBF8F8C-A971-4995-865D-64029D03B798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D68B4C3-17CA-462B-9526-30FD66567CE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB1B3BEB-41F6-40E7-A7F6-3470442914C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "57ABAB73-F8B7-4B9F-B9A3-D40F70EB0657",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9136D5F8-1E70-44CA-B078-C58E68FE877D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "941B8F26-D0F0-45A9-AE9F-F94E0601B653",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D25545AA-2386-4A1D-97DB-33CCA8F7C221",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA671B41-589B-454A-93A1-7E236149DB0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABC9C506-ACBD-4728-A9E5-FC20C5B0EC18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CFC684C-329C-4E04-A2B6-2485E0FAEE2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "902C2FCF-BA2D-41C5-93FF-3BCDE3A47122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49EEDEF1-6FC7-4351-BB0A-869399FA9897",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "317DFEBE-A802-4648-BD9C-FCFE60102F83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "49929D16-19EE-49C0-B234-5B5CD5E9E9EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0781073B-137B-448F-9C1B-D5CB704BD1D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCE0731-5212-4CBF-8D84-984F94925DFD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en la interfaz XML-RPC en Movable Type anterior a 5.18, 5.2.x anterior a 5.2.11, y 6.x anterior a 6.0.6 permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2014-9057",
  "lastModified": "2024-11-21T02:20:10.710",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-12-16T18:59:12.840",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/61227"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/documentation/appendices/release-notes/6.0.6.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2014/12/6.0.6.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.debian.org/security/2015/dsa-3183"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/61227"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/documentation/appendices/release-notes/6.0.6.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2014/12/6.0.6.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2015/dsa-3183"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-04-02 18:55
Modified
2024-11-21 01:33
Summary
Unspecified vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to read or modify data via unknown vectors.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CA6D5B7-BB96-46A9-AD07-F4F744657396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "8342D067-1B16-463D-838B-D16EF7DDCCBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "91A91FDA-16BD-40A3-A055-1F9F61BC90A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "A22E7F1C-19D3-4C72-8EC7-E968FDEDA780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "1B8D3280-D97B-47C9-8737-8DABCA53C290",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "3089827B-7A32-4EA4-93EC-63B80FF5E690",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "A929B42C-7C65-4D62-B418-EEEF0C3D0E36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:beta7:*:*:*:*:*:*",
              "matchCriteriaId": "10D3CF75-84DE-412A-BB7C-1A9889B06D16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "2CF07C91-FF25-46AC-B42A-DD6D0F72238E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F0C879EF-5E16-49D4-9A6E-21C44C041D42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "403A8118-6AFE-4A25-882E-1928B489C80F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EC553F4-89D4-40A8-BEF3-9ABEECE9366F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "82084FAB-6563-483E-95F1-49D9BCEB5C8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.1:beta:*:*:*:*:*:*",
              "matchCriteriaId": "E38527C3-2E6F-4B9A-AF59-39AC2C3F7E9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.01:beta:*:*:*:*:*:*",
              "matchCriteriaId": "0847531A-24B6-464E-A892-9FFB8961ED1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.1:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "D197DDAE-00ED-47D5-9F6A-6E15EAE56755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.01:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "E030ADF7-ADF5-458E-81ED-CD565F9725FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C628DCF9-7F07-447F-9F1F-636D431BBD18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.01:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "ADD27600-5559-4FC3-8877-681AB32207AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "56195FCE-D933-40C6-A6A3-6AC8CFECA5DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.2:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0B18D123-7449-489B-B3EC-0A72B879D92D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.2:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "BD8B70C3-003A-4768-B2B4-486688952BCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.2:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "69CAACDD-2304-4F1B-AD36-5F3B06A87551",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFB18069-B21A-4663-93B2-F055A9D7D78D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.15:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "F249491D-31C3-47D9-97B4-84C53E8C90E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.15:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "5BBCAE47-DEB7-41F4-B21E-8E77AA76483A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.15:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "4A2B6514-6F27-454A-9CF9-F198438E4B22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AD39A71-0B61-4319-BEE1-12CAD4B095A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "E36DD87F-F918-4BDD-98B7-41527470B838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B49D8B0-39C9-480B-9471-1846CE5A2142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "F909511A-D7B6-4033-AB99-87D6BC5741F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A200E33-641A-41B3-8EB3-E7380B686C8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "52311931-CE3A-487B-B153-4066D07F63E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "86ED3B93-8769-4A60-BAE4-C50483254905",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "703EEB4B-4747-45D5-9335-6FD5CB238F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "36E48EE7-3212-406E-80AB-26B0206E97E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ADC65FF-B4E8-4346-80DE-647BDC4A4D3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8E76C88-E486-4463-BA41-6A08ECC5E214",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.261:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4905997-E4CE-406D-BE0F-B5E2F87AA177",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.291:*:*:*:*:*:*:*",
              "matchCriteriaId": "45A49069-F509-4C30-BC9F-DB1FF7C39294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.292:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7330A56-5D69-495B-B0E9-A820B70573C5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F978B3B9-8300-45A7-BDBD-13C504A1BCCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "2C0E810B-453A-4C22-A8AF-C8DC83104A56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "DF2F85C7-77AA-4431-8017-7EE66D2216CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "944DAD7F-2A51-4641-AFE9-5CB6AB957923",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "45E04B8D-6F13-4D7C-9D99-70718EF82BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "941AF9C9-341E-4820-8B1C-5D8C5B19861A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0AB08B1C-C527-4D51-932B-7DAC8D507F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "246D565F-5260-4F5E-B766-95BADF16BC59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "59407222-BBBB-468A-8604-A50ED9F40048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF488003-44FA-48F4-8F5A-46B46523E175",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B0A9628-B04F-492D-8158-DE95980CE4E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "D910C9B1-15D1-4E8F-8901-25063D26DC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0627468-9A42-4793-8E20-F22BD433FBAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.031:*:*:*:*:*:*:*",
              "matchCriteriaId": "98DC35B2-E679-4049-8A2B-CE2C6F7E6E89",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to read or modify data via unknown vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en Movable Type v4.x anteriores a v4.36 y v5.x anteriores a v5.05 permite a atacantes remotos leer o modificar datos a trav\u00e9s de vectores no determinados."
    }
  ],
  "id": "CVE-2011-5085",
  "lastModified": "2024-11-21T01:33:35.923",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-04-02T18:55:00.967",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2012/dsa-2423"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.movabletype.org/2011/05/movable_type_51_and_505_436_security_update.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.movabletype.org/2011/05/movable_type_51_and_505_436_security_update.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-05-14 02:15
Modified
2024-11-21 05:34
Summary
Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "3D88132B-1FE5-42F9-8E06-84DC0FA31C46",
              "versionEndIncluding": "1.29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:*",
              "matchCriteriaId": "2005D2D5-4CA2-4644-9F87-B7DCA1EBF132",
              "versionEndIncluding": "1.29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "98A6AEB4-B75E-4759-AD1B-D87D410652E6",
              "versionEndIncluding": "6.3.11",
              "versionStartIncluding": "6.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "65955180-1085-4A67-9E96-AAAD69237E85",
              "versionEndIncluding": "6.3.11",
              "versionStartIncluding": "6.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "00F5146E-F4DF-44CD-A5AC-F42191FCE558",
              "versionEndIncluding": "6.5.3",
              "versionStartIncluding": "6.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "62413AE4-54CE-4C8F-9CD3-8C6B5F118F85",
              "versionEndIncluding": "6.5.3",
              "versionStartIncluding": "6.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:*:aws:*:*",
              "matchCriteriaId": "5A47BEEF-E49C-4AB5-BCB1-7A46B3784C6B",
              "versionEndIncluding": "7.2.1",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "5BE18A59-7288-4CB8-AFA0-C8CFAB9DCA09",
              "versionEndIncluding": "7.2.1",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "831E171A-BDA4-4181-B817-0D307B37D472",
              "versionEndIncluding": "7.2.1",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo cross-site scripting en la serie Movable Type (Movable Type versiones 7 r.4606 (7.2.1) y anteriores (Movable Type versi\u00f3n 7), Movable Type Advanced versiones 7 r.4606 (7.2.1) y anteriores (Movable Type Advanced versi\u00f3n 7), Movable Type para AWS versiones 7 r.4606 (7.2.1) y anteriores (Movable Type para AWS versi\u00f3n 7), Movable Type versiones 6.5.3 y anteriores (Movable Type versi\u00f3n 6.5), Movable Type Advanced versiones 6.5.3 y anteriores (Movable Type Advanced versi\u00f3n 6.5), Movable Type versiones 6.3.11 y anteriores (Movable Type versi\u00f3n 6.3), Movable Type Advanced versiones 6.3.11 y anteriores (Movable Type versi\u00f3n 6.3), Movable Type Premium versiones 1.29 y anteriores, y Movable Type Premium Advanced versiones 1.29 y anteriores), permite a atacantes remotos inyectar script o HTML arbitrario por medio de vectores no especificados."
    }
  ],
  "id": "CVE-2020-5575",
  "lastModified": "2024-11-21T05:34:18.083",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-05-14T02:15:11.327",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://jvn.jp/en/jp/JVN28806943/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://jvn.jp/en/jp/JVN28806943/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-05-14 02:15
Modified
2024-11-21 05:34
Summary
Cross-site request forgery (CSRF) vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to hijack the authentication of administrators via unspecified vectors.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "3D88132B-1FE5-42F9-8E06-84DC0FA31C46",
              "versionEndIncluding": "1.29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:*",
              "matchCriteriaId": "2005D2D5-4CA2-4644-9F87-B7DCA1EBF132",
              "versionEndIncluding": "1.29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "98A6AEB4-B75E-4759-AD1B-D87D410652E6",
              "versionEndIncluding": "6.3.11",
              "versionStartIncluding": "6.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "65955180-1085-4A67-9E96-AAAD69237E85",
              "versionEndIncluding": "6.3.11",
              "versionStartIncluding": "6.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "00F5146E-F4DF-44CD-A5AC-F42191FCE558",
              "versionEndIncluding": "6.5.3",
              "versionStartIncluding": "6.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "62413AE4-54CE-4C8F-9CD3-8C6B5F118F85",
              "versionEndIncluding": "6.5.3",
              "versionStartIncluding": "6.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:*:aws:*:*",
              "matchCriteriaId": "5A47BEEF-E49C-4AB5-BCB1-7A46B3784C6B",
              "versionEndIncluding": "7.2.1",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "5BE18A59-7288-4CB8-AFA0-C8CFAB9DCA09",
              "versionEndIncluding": "7.2.1",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "831E171A-BDA4-4181-B817-0D307B37D472",
              "versionEndIncluding": "7.2.1",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to hijack the authentication of administrators via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo cross-site request forgery (CSRF) en la serie Movable Type (Movable Type versiones 7 r.4606 (7.2.1) y anteriores (Movable Type versi\u00f3n 7), Movable Type Advanced versiones 7 r.4606 (7.2.1) y anteriores (Movable Type Advanced versi\u00f3n 7), Movable Type para AWS versiones 7 r.4606 (7.2.1) y anteriores (Movable Type para AWS versi\u00f3n 7), Movable Type versiones 6.5.3 y anteriores (Movable Type versi\u00f3n 6.5), Movable Type Advanced versiones 6.5.3 y anteriores (Movable Type Advanced versi\u00f3n 6.5), Movable Type versiones 6.3.11 y anteriores (Movable Type versi\u00f3n 6.3), Movable Type Advanced versiones 6.3.11 y anteriores (Movable Type versi\u00f3n 6.3), Movable Type Premium versiones 1.29 y anteriores, y Movable Type Premium Advanced versiones 1.29 y anteriores), permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores por medio de vectores no especificados."
    }
  ],
  "id": "CVE-2020-5576",
  "lastModified": "2024-11-21T05:34:18.183",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-05-14T02:15:11.407",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://jvn.jp/en/jp/JVN28806943/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://jvn.jp/en/jp/JVN28806943/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-12-07 04:15
Modified
2024-11-21 07:28
Summary
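Cross-site scripting vulnerability in Movable Type Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.
Note on the match data below: the 6.x CPE ranges use versionEndExcluding 6.8.7, which leaves out 6.8.7 even though this description lists 6.8.7 as affected. The vendor release notice in the references (mt-796-688-released) suggests the fix shipped in 6.8.8, so version matching for the 6 series should treat 6.8.7 as vulnerable.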



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:*",
              "matchCriteriaId": "4EBDEEB4-E2A9-4D7B-AAFF-8657E9708A24",
              "versionEndIncluding": "1.53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium_advanced:*:*:*",
              "matchCriteriaId": "7A3C1F5D-755D-4FC4-975D-314C602BE0D4",
              "versionEndIncluding": "1.53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "F9375A34-27A6-4597-8F7B-14BF40DC8B7E",
              "versionEndExcluding": "6.8.7",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "B43BD207-E293-4617-B1C7-5EE7F095BFDE",
              "versionEndExcluding": "6.8.7",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "7EBB4183-9E9B-4686-9692-0223FAA34019",
              "versionEndExcluding": "7.9.6",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "123C8E47-C983-401D-A081-033E94E112D0",
              "versionEndExcluding": "7.9.6",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting vulnerability in Movable Type Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier allows a remote unauthenticated attacker to inject an arbitrary script."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de cross-site scripting en Movable Type Movable Type 7 r.5301 y anteriores (Movable Type 7 Series), Movable Type Advanced 7 r.5301 y anteriores (Movable Type Advanced 7 Series), Movable Type 6.8.7 y anteriores (Movable Type 6 Series), Movable Type Advanced 6.8.7 y anteriores (Movable Type Advanced 6 Series), Movable Type Premium 1.53 y anteriores, y Movable Type Premium Advanced 1.53 y anteriores permiten a un atacante remoto no autenticado inyectar un script arbitrario."
    }
  ],
  "id": "CVE-2022-45122",
  "lastModified": "2024-11-21T07:28:48.260",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-12-07T04:15:11.283",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN37014768/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2022/11/mt-796-688-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN37014768/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2022/11/mt-796-688-released.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-02-19 15:59
Modified
2024-11-21 02:25
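Severity ? (this record carries no CVSS v3 metric; its CVSS v2 metric below is 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P)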
Summary
Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors.
References
cve@mitre.org | http://www.openwall.com/lists/oss-security/2015/02/12/17 | Mailing List, Third Party Advisory
cve@mitre.org | http://www.openwall.com/lists/oss-security/2015/02/12/2 | Mailing List, Third Party Advisory
cve@mitre.org | http://www.securityfocus.com/bid/72606 | Third Party Advisory, VDB Entry
cve@mitre.org | http://www.securitytracker.com/id/1031777 | Third Party Advisory, VDB Entry
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/100912 | Third Party Advisory, VDB Entry
cve@mitre.org | https://movabletype.org/news/2015/02/movable_type_607_and_5212_released_to_close_security_vulnera.html | Vendor Advisory
cve@mitre.org | https://www.debian.org/security/2015/dsa-3183 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/02/12/17 | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/02/12/2 | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/72606 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1031777 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/100912 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://movabletype.org/news/2015/02/movable_type_607_and_5212_released_to_close_security_vulnera.html | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2015/dsa-3183 | Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "ED67793B-2C47-4FB7-9AF3-10BBDE46828A",
              "versionEndExcluding": "5.2.12",
              "versionStartIncluding": "5.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:open_source:*:*:*",
              "matchCriteriaId": "E7B7E18A-23A6-4BC6-B1FF-94F26F5E8AFC",
              "versionEndExcluding": "5.2.12",
              "versionStartIncluding": "5.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:pro:*:*:*",
              "matchCriteriaId": "8ADE14A2-22AE-4485-825F-827079AF54F3",
              "versionEndExcluding": "5.2.12",
              "versionStartIncluding": "5.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "D1FFA6A0-A705-448A-9B65-9F26DE8F54E3",
              "versionEndExcluding": "6.0.7",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:pro:*:*:*",
              "matchCriteriaId": "EBD7CA69-4A36-470D-8BC7-ED2B9FC267B5",
              "versionEndExcluding": "6.0.7",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Movable Type Pro, Open Source, y Advanced anterior a 5.2.12 y Pro y Advanced 6.0.x anterior a 6.0.7 no utiliza correctamente la funci\u00f3n Storable::thaw de Perl, lo que permite a atacantes remotos incluir y ejecutar ficheros locales de Perl arbitrarios y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2015-1592",
  "lastModified": "2024-11-21T02:25:43.847",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-02-19T15:59:16.580",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/02/12/17"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/02/12/2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/72606"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1031777"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100912"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2015/02/movable_type_607_and_5212_released_to_close_security_vulnera.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2015/dsa-3183"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/02/12/17"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/02/12/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/72606"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1031777"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100912"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2015/02/movable_type_607_and_5212_released_to_close_security_vulnera.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2015/dsa-3183"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-10-30 05:15
Modified
2024-11-21 08:27
Summary
Cross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to inject an arbitrary script. Affected products/versions are as follows: Movable Type 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Premium 1.58 and earlier, Movable Type Premium Advanced 1.58 and earlier, Movable Type Cloud Edition (Version 7) r.5405 and earlier, and Movable Type Premium Cloud Edition 1.58 and earlier.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D242B396-0197-493E-9CE5-4EBB5A5CF36E",
              "versionEndExcluding": "7.902.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "9BEB4B78-5B34-4270-BF2D-BD3D0F096D36",
              "versionEndExcluding": "7.902.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:*",
              "matchCriteriaId": "6F1DEC6D-4344-4258-BF96-5AB5FFCBED42",
              "versionEndExcluding": "1.59",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium_advanced:*:*:*",
              "matchCriteriaId": "0E4BC7F6-287E-4CA1-9E0A-4B5CB968A2D8",
              "versionEndExcluding": "1.59",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:aws:*:*:*",
              "matchCriteriaId": "7E6E65B7-1E20-4564-A045-7BB7DD8B3A09",
              "versionEndExcluding": "7.902.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced_aws:*:*:*",
              "matchCriteriaId": "2877D685-C71B-4E0B-96AB-9CC6B68EEF8B",
              "versionEndExcluding": "1.59",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to inject an arbitrary script. Affected products/versions are as follows: Movable Type 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Premium 1.58 and earlier, Movable Type Premium Advanced 1.58 and earlier, Movable Type Cloud Edition (Version 7) r.5405 and earlier, and Movable Type Premium Cloud Edition 1.58 and earlier."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en la serie Movable Type permite a un atacante remoto autenticado inyectar un script arbitrario. Los productos/versiones afectados son los siguientes: \nMovable Type 7 r.5405 y anteriores (Serie Movable Type 7)\nMovable Type Advanced 7 r.5405 y anteriores (Serie Movable Type 7)\nMovable Type Premium 1.58 y anteriores, Movable Type Premium Advanced 1.58 y anteriores\nMovable Type Cloud Edition (Versi\u00f3n 7) r.5405 y anteriores\nMovable Type Premium Cloud Edition 1.58 y anteriores."
    }
  ],
  "id": "CVE-2023-45746",
  "lastModified": "2024-11-21T08:27:17.743",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-10-30T05:15:09.993",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN39139884/"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Release Notes"
      ],
      "url": "https://movabletype.org/news/2023/10/mt-79020-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN39139884/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://movabletype.org/news/2023/10/mt-79020-released.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-05-14 02:15
Modified
2024-11-21 05:34
Summary
HTML attribute value injection vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject an arbitrary HTML attribute value via unspecified vectors.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "3D88132B-1FE5-42F9-8E06-84DC0FA31C46",
              "versionEndIncluding": "1.29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:*",
              "matchCriteriaId": "2005D2D5-4CA2-4644-9F87-B7DCA1EBF132",
              "versionEndIncluding": "1.29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "98A6AEB4-B75E-4759-AD1B-D87D410652E6",
              "versionEndIncluding": "6.3.11",
              "versionStartIncluding": "6.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "65955180-1085-4A67-9E96-AAAD69237E85",
              "versionEndIncluding": "6.3.11",
              "versionStartIncluding": "6.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "00F5146E-F4DF-44CD-A5AC-F42191FCE558",
              "versionEndIncluding": "6.5.3",
              "versionStartIncluding": "6.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "62413AE4-54CE-4C8F-9CD3-8C6B5F118F85",
              "versionEndIncluding": "6.5.3",
              "versionStartIncluding": "6.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:*:aws:*:*",
              "matchCriteriaId": "5A47BEEF-E49C-4AB5-BCB1-7A46B3784C6B",
              "versionEndIncluding": "7.2.1",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "5BE18A59-7288-4CB8-AFA0-C8CFAB9DCA09",
              "versionEndIncluding": "7.2.1",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "831E171A-BDA4-4181-B817-0D307B37D472",
              "versionEndIncluding": "7.2.1",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "HTML attribute value injection vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary HTML attribute value via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de inyecci\u00f3n del valor de atributo HTML en la serie Movable Type (Movable Type versiones 7 r.4606 (7.2.1) y anteriores (Movable Type versi\u00f3n 7), Movable Type Advanced versiones 7 r.4606 (7.2.1) y anteriores (Movable Type Advanced versi\u00f3n 7), Movable Type para AWS versiones 7 r.4606 (7.2.1) y anteriores (Movable Type para AWS versi\u00f3n 7), Movable Type versiones 6.5.3 y anteriores (Movable Type versi\u00f3n 6.5), Movable Type Advanced versiones 6.5.3 y anteriores (Movable Type Advanced versi\u00f3n 6.5), Movable Type versiones 6.3.11 y anteriores (Movable Type versi\u00f3n 6.3), Movable Type Advanced versiones 6.3.11 y anteriores (Movable Type versi\u00f3n 6.3), Movable Type Premium versiones 1.29 y anteriores, y Movable Type Premium Advanced versiones 1.29 y anteriores), permite a atacantes remotos inyectar un valor de atributo HTML arbitrario por medio de vectores no especificados."
    }
  ],
  "id": "CVE-2020-5574",
  "lastModified": "2024-11-21T05:34:17.977",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-05-14T02:15:11.267",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://jvn.jp/en/jp/JVN28806943/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://jvn.jp/en/jp/JVN28806943/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-07-17 16:30
Modified
2024-11-21 01:05
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480.
Impacted products
Vendor Product Version
six_apart movable_type *
six_apart movable_type 1.54
six_apart movable_type 2.6
six_apart movable_type 2.63
six_apart movable_type 3.3
six_apart movable_type 3.16
six_apart movable_type 3.17
six_apart movable_type 3.32
six_apart movable_type 3.33
six_apart movable_type 3.36
six_apart movable_type 4
six_apart movable_type 4
six_apart movable_type 4
six_apart movable_type 4
six_apart movable_type 4.20
six_apart movable_type 4.20
six_apart movable_type 4.20
six_apart movable_type 4.20
six_apart_ltd movable_type *
six_apart_ltd movable_type 3.33
sixapart movable_type 1.00
sixapart movable_type 1.1
sixapart movable_type 1.2
sixapart movable_type 1.3
sixapart movable_type 1.4
sixapart movable_type 1.5
sixapart movable_type 1.31
sixapart movable_type 3.0d
sixapart movable_type 3.1
sixapart movable_type 3.01d
sixapart movable_type 3.2
sixapart movable_type 3.3
sixapart movable_type 3.11
sixapart movable_type 3.12
sixapart movable_type 3.14
sixapart movable_type 3.15
sixapart movable_type 3.16
sixapart movable_type 3.17
sixapart movable_type 3.32
sixapart movable_type 3.33
sixapart movable_type 3.34
sixapart movable_type 3.35
sixapart movable_type 4.0
sixapart movable_type 4.0
sixapart movable_type 4.01
sixapart movable_type 4.1
sixapart movable_type 4.1
sixapart movable_type 4.01
sixapart movable_type 4.01
sixapart movable_type 4.01
sixapart movable_type 4.2
sixapart movable_type 4.2
sixapart movable_type 4.2
sixapart movable_type 4.12
sixapart movable_type 4.12
sixapart movable_type 4.21
sixapart movable_type 4.21
sixapart movable_type 4.21
sixapart movable_type 4.23
sixapart movable_type 4.23



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0641196B-87D2-40D3-B826-C04549BB6B8C",
              "versionEndIncluding": "4.25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:1.54:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "56106A34-006E-4B73-B6C6-3F36E9C2A355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1731B0E-71C0-4650-BFBF-1FB3865EAE76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:2.63:*:*:*:*:*:*:*",
              "matchCriteriaId": "C057E938-243B-4BEE-BF38-F3334A2B9275",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE37614D-A959-4B4A-BF2E-9F3C1072BA20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C1542C3-E6CD-4CF6-9F1D-E8E58F2A11E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:3.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "47F63E3A-019C-431C-A155-1CD6E42FA485",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:3.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "13132B94-C271-46F7-9450-FBA1FCBB914E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:3.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "B584BED2-F630-4A5B-8FE9-29BBE9517214",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:3.36:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "14FCDA0F-2562-4B58-BF3A-F908AFABC557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D62FC8B9-3B6A-46C6-94CD-E35941BB64C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:4:*:community_solution:*:*:*:*:*",
              "matchCriteriaId": "414CB64F-4460-4819-A1B9-673550080C4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:4:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "1841D3B7-8F8A-4FE2-B9C2-47FCFF5984AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:4:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "73406BA8-4FE0-44D0-90EF-0084881D706D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:4.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "C55BC3C3-83AB-452C-AC2D-A53B3E0C3473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:4.20:*:community_solution:*:*:*:*:*",
              "matchCriteriaId": "C4EFB50C-CC9C-46EC-92C3-A581684354E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:4.20:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "E7FEAC67-FA0C-49AE-9AEB-B1E68FB54C8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:4.20:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "321A94B3-CDAC-4793-9660-CDCDC614EBAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart_ltd:movable_type:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F52B477-8052-432E-A382-2181BF337321",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart_ltd:movable_type:3.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C580448-40D1-4C92-9301-861E4346DB65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:1.00:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "B1A33E50-6BFD-418F-9F3E-B42C013AA0F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:1.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "DC0F1B54-554E-45C7-8943-A73086C88385",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:1.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "A56CDA00-DC8E-4042-A882-FB6D7D2F43B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:1.3:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "1C8F4F3A-9942-4263-BC42-CDCDACDFF2E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:1.4:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "38626110-81A0-4C99-AB8F-D77FDF662887",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:1.5:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "5212ADBE-9F50-4EAB-AC28-91314AA24595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:1.31:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3542C36E-E457-46DD-A5F7-BD22E16F1C46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.0d:*:*:*:*:*:*:*",
              "matchCriteriaId": "461319CC-BCDC-4E24-B384-1EEC8B7C4596",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "967DAF27-D561-4FDB-A65C-788551871E5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.01d:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD460D1D-5971-491E-863A-D230A0B28ED4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BC178AF-FAF7-49E2-8AE7-1858BD67F44B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CEA1C54-4636-44B1-B620-85F0D870797E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1819A7A1-366A-4168-AE0E-4CE1FF0D3E3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9F743E8-72E9-4AEB-B137-A61EB67B8FF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE92182C-5BBE-4FCD-959B-E95630D16E17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "99E9BE91-D42E-4523-A48E-E7B4FBE7A924",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C5935CA-FDE2-4300-8091-DBD0DC4D2081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF080128-CC7C-4F71-9268-B7691D54F358",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "4783C1BD-B2BA-4D86-A61D-3EB2396DE1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "50782308-93FA-4F8F-93FB-4A4E55D95360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5C968A9-F07A-4C99-B4A5-434E96DDB928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9CD9174-EE47-40B8-8F49-81EAD89267D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:-:community_solution:*:*:*:*:*",
              "matchCriteriaId": "B4FEB07E-4D70-4A24-822E-E4689CB8C9CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:-:pro:*:*:*:*:*",
              "matchCriteriaId": "59457028-2EA4-472F-A76F-EF867F48937F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.01:-:community_solution:*:*:*:*:*",
              "matchCriteriaId": "ABE24C88-6062-4A36-9852-D9EC818EEA0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.1:-:community_solution:*:*:*:*:*",
              "matchCriteriaId": "11C793FA-AE7C-430F-B537-19B788D9BC6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.1:-:pro:*:*:*:*:*",
              "matchCriteriaId": "F80A607A-66A8-4995-A396-5487B8E3029C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.01:-:pro:*:*:*:*:*",
              "matchCriteriaId": "C3C21088-A9A5-4CE2-B4D7-8BC48DB84540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.01:b:community_solution:*:*:*:*:*",
              "matchCriteriaId": "C1DCAD70-9FFF-4950-875D-586937E93473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.01:b:pro:*:*:*:*:*",
              "matchCriteriaId": "395B9CE4-EA3A-42A1-AD37-6487911E10D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "56195FCE-D933-40C6-A6A3-6AC8CFECA5DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.2:-:community_solution:*:*:*:*:*",
              "matchCriteriaId": "448081A9-A8C9-4FEC-879B-7FA11997B4D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.2:-:pro:*:*:*:*:*",
              "matchCriteriaId": "E7538776-B7B2-4912-BFE3-E7A1033F41E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.12:-:community_solution:*:*:*:*:*",
              "matchCriteriaId": "F33F4F69-D670-4698-84C6-EDD9D78F2D9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.12:-:pro:*:*:*:*:*",
              "matchCriteriaId": "1E481C6C-F6EF-4E7D-8DAF-F68407DE6501",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AD39A71-0B61-4319-BEE1-12CAD4B095A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.21:-:community_solution:*:*:*:*:*",
              "matchCriteriaId": "23B5D056-BC56-4851-8E76-7E22C911EEFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.21:-:pro:*:*:*:*:*",
              "matchCriteriaId": "CA9BC769-BE45-42EC-8E35-02E6B216D6E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.23:-:community_solution:*:*:*:*:*",
              "matchCriteriaId": "9A1B400B-FEC9-416B-89F2-C96B1BE11BF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.23:-:pro:*:*:*:*:*",
              "matchCriteriaId": "1458F0E9-6AF1-44C6-B0EC-7BCF314B0038",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en mt-wizard.cgi en Six Apart Movable Type anteriores a v4.261, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados, es una vulnerabilidad distinta a CVE-2009-2480.\r\n"
    }
  ],
  "id": "CVE-2009-2492",
  "lastModified": "2024-11-21T01:05:00.463",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-07-17T16:30:00.983",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://jvn.jp/en/jp/JVN86472161/index.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000042.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35534"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/35885"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1668"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvn.jp/en/jp/JVN86472161/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000042.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35534"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/35885"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1668"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-05-19 22:30
Modified
2024-11-21 01:15
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in Six Apart Movable Type 5.0 and 5.01 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
Impacted products
Vendor Product Version
sixapart movable_type 5.0
sixapart movable_type 5.01



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F978B3B9-8300-45A7-BDBD-13C504A1BCCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "59407222-BBBB-468A-8604-A50ED9F40048",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in Six Apart Movable Type 5.0 and 5.01 allow remote attackers to inject arbitrary web script or HTML via unknown vectors."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la interfaz de usuario administrativa en Six Apart Movable Type v5.0 y v5.01 permiten a atacantes remotos inyectar c\u00f3digo web o HTML de su elecci\u00f3n a trav\u00e9s de vectores desconocidos."
    }
  ],
  "id": "CVE-2010-1985",
  "lastModified": "2024-11-21T01:15:38.340",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-05-19T22:30:01.113",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://jvn.jp/en/jp/JVN92854093/index.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000017.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39741"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.movabletype.com/blog/2010/05/movable-type-502.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.movabletype.org/documentation/appendices/release-notes/movable-type-502.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1136"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvn.jp/en/jp/JVN92854093/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39741"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.movabletype.com/blog/2010/05/movable-type-502.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.movabletype.org/documentation/appendices/release-notes/movable-type-502.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1136"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-08-26 02:15
Modified
2024-11-21 05:47
Summary
Cross-site scripting vulnerability in Setting screen of Server Sync of Movable Type (Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series) and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
Impacted products
Vendor Product Version
sixapart movable_type *
sixapart movable_type *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium_advanced:*:*:*",
              "matchCriteriaId": "69B0E270-7BF7-4B9F-974B-B71B11788D5E",
              "versionEndIncluding": "1.44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "5CA5A16F-B42D-4DC7-B9A0-5CA49B05DA7B",
              "versionEndExcluding": "7.8.0",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting vulnerability in Setting screen of Server Sync of Movable Type (Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series) and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo cross-site scripting en la pantalla Setting de Server Sync de Movable Type (Movable Type Advanced 7 versiones r.4903 y anteriores (Movable Type Advanced 7 Series) y Movable Type Premium Advanced versiones 1.44 y anteriores), permite a atacantes remotos inyectar script arbitrario o HTML por medio de vectores no especificados."
    }
  ],
  "id": "CVE-2021-20812",
  "lastModified": "2024-11-21T05:47:13.827",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-08-26T02:15:11.557",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-03-03 04:04
Modified
2024-11-21 01:34
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to hijack the authentication of arbitrary users for requests that modify data via the (1) commenting feature or (2) community script.
Impacted products
Vendor Product Version
sixapart movable_type *
sixapart movable_type 4.28
sixapart movable_type 4.29
sixapart movable_type 4.36
sixapart movable_type 4.291
sixapart movable_type 4.292
sixapart movable_type 4.361
sixapart movable_type 5.0
sixapart movable_type 5.01
sixapart movable_type 5.1
sixapart movable_type 5.02
sixapart movable_type 5.04
sixapart movable_type 5.05
sixapart movable_type 5.06
sixapart movable_type 5.11
sixapart movable_type 5.12
sixapart movable_type 5.051
sixapart movable_type *
sixapart movable_type 4.28
sixapart movable_type 4.29
sixapart movable_type 4.291
sixapart movable_type 5.1
sixapart movable_type 5.02
sixapart movable_type 5.04
sixapart movable_type 5.05
sixapart movable_type 5.06
sixapart movable_type 5.11
sixapart movable_type 5.12
sixapart movable_type 5.051
sixapart movable_type 4.0
sixapart movable_type 4.0
sixapart movable_type 4.0
sixapart movable_type 4.0
sixapart movable_type 4.0
sixapart movable_type 4.0
sixapart movable_type 4.0
sixapart movable_type 4.0
sixapart movable_type 4.0
sixapart movable_type 4.0
sixapart movable_type 4.0
sixapart movable_type 4.1
sixapart movable_type 4.1
sixapart movable_type 4.1
sixapart movable_type 4.2
sixapart movable_type 4.2
sixapart movable_type 4.2
sixapart movable_type 4.2
sixapart movable_type 4.12
sixapart movable_type 4.15
sixapart movable_type 4.15
sixapart movable_type 4.15
sixapart movable_type 4.22
sixapart movable_type 4.23
sixapart movable_type 4.24
sixapart movable_type 4.25
sixapart movable_type 4.26
sixapart movable_type 4.27
sixapart movable_type 4.28
sixapart movable_type 4.29
sixapart movable_type 4.35
sixapart movable_type 4.36
sixapart movable_type 4.37
sixapart movable_type 4.261
sixapart movable_type 4.291
sixapart movable_type 4.292
sixapart movable_type 4.361
sixapart movable_type 5.0
sixapart movable_type 5.0
sixapart movable_type 5.0
sixapart movable_type 5.0
sixapart movable_type 5.0
sixapart movable_type 5.0
sixapart movable_type 5.0
sixapart movable_type 5.0
sixapart movable_type 5.01
sixapart movable_type 5.1
sixapart movable_type 5.1
sixapart movable_type 5.02
sixapart movable_type 5.03
sixapart movable_type 5.04
sixapart movable_type 5.05
sixapart movable_type 5.06
sixapart movable_type 5.07
sixapart movable_type 5.11
sixapart movable_type 5.12
sixapart movable_type 5.031
sixapart movable_type 5.051



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "8F2D1316-CAC7-4E50-A76A-03636377785A",
              "versionEndIncluding": "4.37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.28:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "BAAD088A-29B4-44B4-BB90-6BEF55428902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.29:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "6DE4CBB7-14AE-45F4-9170-3C097844E8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.36:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "CD6E7E17-E69C-43C7-A9E3-1A7339B8BF68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.291:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "320C5974-DA38-443F-9BAF-C60E729D3148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.292:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "7020769D-803A-473A-8F1A-4984F870D6B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.361:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "85FA0AB7-78D6-42DC-83E7-9630BD8EFCD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.0:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "A8EF53B9-7E86-40D5-AD18-35B09BD346D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.01:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "46CDB676-CD09-44C4-9E49-0BC32F5EA49A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.1:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "E7179FE9-17D8-48BD-B3EC-A29D4C603A89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.02:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "941F8723-0838-42B9-825B-C85FF01CC35A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.04:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "9733B5E7-7A7E-48D6-9F80-7AF9DFDBD76A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.05:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "A82BFEF5-275A-45E6-B42B-1FB22E278A27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.06:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "2433941D-2DC2-4155-93F7-282AD4272334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.11:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "EF917586-EF61-4E4B-8739-5EDF18CCB364",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.12:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "50529598-338F-4077-ABBF-7CE00E8E7FCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.051:*:open_source:*:*:*:*:*",
              "matchCriteriaId": "D9C1C42D-7BC2-428F-B9CB-4BAE2D8E0E5C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "2FB744CC-02DF-46F6-A524-27DBBB3C33BF",
              "versionEndIncluding": "4.292",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.28:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "4A2BA875-0C6E-4AD4-9271-CB31E2B2B072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.29:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "59DC45AB-BF7F-4817-A0FB-E3EBCA8CB761",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.291:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "B516CE7A-7751-4CE0-8E16-097058A6657D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.1:*:advanced:*:*:*:*:*",
              "matchCriteriaId": "4495F904-41A1-4915-A26D-47DA07F17D74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.02:*:advanced:*:*:*:*:*",
              "matchCriteriaId": "4D930A60-15BE-43E9-9B76-D0723D9B1E23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.04:*:advanced:*:*:*:*:*",
              "matchCriteriaId": "0006333C-7916-4BB3-8698-EE48D62AE67C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.05:*:advanced:*:*:*:*:*",
              "matchCriteriaId": "2F400986-9A21-4C5C-95A7-F5F61D199CC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.06:*:advanced:*:*:*:*:*",
              "matchCriteriaId": "9AAB067E-EF83-4528-A0A4-06821CAEE687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.11:*:advanced:*:*:*:*:*",
              "matchCriteriaId": "E0A5BFC0-6F5C-48B5-BA97-9D7CA292DB8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.12:*:advanced:*:*:*:*:*",
              "matchCriteriaId": "3EAC6A53-748D-4CB8-A0BB-AE19B23D1812",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.051:*:advanced:*:*:*:*:*",
              "matchCriteriaId": "4E616E4E-6D78-4931-9233-3EED49B1B6AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CA6D5B7-BB96-46A9-AD07-F4F744657396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "8342D067-1B16-463D-838B-D16EF7DDCCBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "91A91FDA-16BD-40A3-A055-1F9F61BC90A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "A22E7F1C-19D3-4C72-8EC7-E968FDEDA780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "1B8D3280-D97B-47C9-8737-8DABCA53C290",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "3089827B-7A32-4EA4-93EC-63B80FF5E690",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "A929B42C-7C65-4D62-B418-EEEF0C3D0E36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:beta7:*:*:*:*:*:*",
              "matchCriteriaId": "10D3CF75-84DE-412A-BB7C-1A9889B06D16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "2CF07C91-FF25-46AC-B42A-DD6D0F72238E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F0C879EF-5E16-49D4-9A6E-21C44C041D42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "403A8118-6AFE-4A25-882E-1928B489C80F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.1:beta:*:*:*:*:*:*",
              "matchCriteriaId": "E38527C3-2E6F-4B9A-AF59-39AC2C3F7E9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.1:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "D197DDAE-00ED-47D5-9F6A-6E15EAE56755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C628DCF9-7F07-447F-9F1F-636D431BBD18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "56195FCE-D933-40C6-A6A3-6AC8CFECA5DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.2:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0B18D123-7449-489B-B3EC-0A72B879D92D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.2:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "BD8B70C3-003A-4768-B2B4-486688952BCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.2:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "69CAACDD-2304-4F1B-AD36-5F3B06A87551",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFB18069-B21A-4663-93B2-F055A9D7D78D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.15:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "F249491D-31C3-47D9-97B4-84C53E8C90E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.15:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "5BBCAE47-DEB7-41F4-B21E-8E77AA76483A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.15:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "4A2B6514-6F27-454A-9CF9-F198438E4B22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "E36DD87F-F918-4BDD-98B7-41527470B838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B49D8B0-39C9-480B-9471-1846CE5A2142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "F909511A-D7B6-4033-AB99-87D6BC5741F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A200E33-641A-41B3-8EB3-E7380B686C8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "52311931-CE3A-487B-B153-4066D07F63E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "86ED3B93-8769-4A60-BAE4-C50483254905",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "703EEB4B-4747-45D5-9335-6FD5CB238F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "36E48EE7-3212-406E-80AB-26B0206E97E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ADC65FF-B4E8-4346-80DE-647BDC4A4D3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8E76C88-E486-4463-BA41-6A08ECC5E214",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "93798CD5-1099-4B6A-9303-6EFD037F5B11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.261:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4905997-E4CE-406D-BE0F-B5E2F87AA177",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.291:*:*:*:*:*:*:*",
              "matchCriteriaId": "45A49069-F509-4C30-BC9F-DB1FF7C39294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.292:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7330A56-5D69-495B-B0E9-A820B70573C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.361:*:*:*:*:*:*:*",
              "matchCriteriaId": "9951EF1D-0D13-4215-9066-C17B352E6C6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F978B3B9-8300-45A7-BDBD-13C504A1BCCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "2C0E810B-453A-4C22-A8AF-C8DC83104A56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "DF2F85C7-77AA-4431-8017-7EE66D2216CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "944DAD7F-2A51-4641-AFE9-5CB6AB957923",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "45E04B8D-6F13-4D7C-9D99-70718EF82BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "941AF9C9-341E-4820-8B1C-5D8C5B19861A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0AB08B1C-C527-4D51-932B-7DAC8D507F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "246D565F-5260-4F5E-B766-95BADF16BC59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "59407222-BBBB-468A-8604-A50ED9F40048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.1:beta:*:*:*:*:*:*",
              "matchCriteriaId": "FA6CA4D7-E19C-4783-88AC-8F32F2588AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F8790230-BE95-496F-8212-284125FF6376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF488003-44FA-48F4-8F5A-46B46523E175",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B0A9628-B04F-492D-8158-DE95980CE4E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "D910C9B1-15D1-4E8F-8901-25063D26DC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0627468-9A42-4793-8E20-F22BD433FBAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "995A2AAB-E9C5-4B23-8230-D04F15097909",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8ECAE19-F294-48D8-BD97-B4E01C054E3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE116A08-FD4A-4BC1-A79A-513648931D4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E704381-8161-4795-A7F5-9E4D8B006C92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.031:*:*:*:*:*:*:*",
              "matchCriteriaId": "98DC35B2-E679-4049-8A2B-CE2C6F7E6E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.051:*:*:*:*:*:*:*",
              "matchCriteriaId": "48B948EF-0687-4C14-A8AD-9A3B5E055A1F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to hijack the authentication of arbitrary users for requests that modify data via the (1) commenting feature or (2) community script."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en Movable Type anteriores a 4.38, 5.0x anteriores a 5.07 y 5.1x anteriores a 5.13 permiten a atacantes remotos secuestrar (hijack) la autenticaci\u00f3n de usuarios arbitrarios para peticiones que modifican datos a trav\u00e9s de (1) la opci\u00f3n de comentarios (\"commenting feature\") o (2) \"community script\"."
    }
  ],
  "id": "CVE-2012-0317",
  "lastModified": "2024-11-21T01:34:47.263",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-03-03T04:04:57.610",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://jvn.jp/en/jp/JVN70683217/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000015"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://www.debian.org/security/2012/dsa-2423"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.movabletype.org/documentation/appendices/release-notes/513.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://www.securityfocus.com/bid/52138"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://www.securitytracker.com/id?1026738"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvn.jp/en/jp/JVN70683217/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.movabletype.org/documentation/appendices/release-notes/513.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/52138"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1026738"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-03-27 14:59
Modified
2024-11-21 01:51
Severity
HIGH, base score 7.5 (CVSS v2.0 AV:N/AC:L/Au:N/C:P/I:P/A:P, nvd@nist.gov primary metric)
Summary
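Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter. Storable::thaw rebuilds Perl data structures from a serialized byte string, so a request parameter that reaches it is deserialization of untrusted data; the CWE-17 value in this record is a deprecated category and does not express that.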
Impacted products
Vendor Product Version
sixapart movable_type *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3154261-4982-4E39-B707-33A8EFA3FCF9",
              "versionEndIncluding": "5.2.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter."
    },
    {
      "lang": "es",
      "value": "Movable Type anterior a 5.2.6 no utiliza correctamente la funci\u00f3n Storable::thaw, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro comment_state."
    }
  ],
  "id": "CVE-2013-2184",
  "lastModified": "2024-11-21T01:51:12.227",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-03-27T14:59:00.070",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://seclists.org/oss-sec/2013/q2/560"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://seclists.org/oss-sec/2013/q2/568"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2015/dsa-3183"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/documentation/appendices/release-notes/movable-type-526-release-notes.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/oss-sec/2013/q2/560"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/oss-sec/2013/q2/568"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3183"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/documentation/appendices/release-notes/movable-type-526-release-notes.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-17"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-05-14 02:15
Modified
2024-11-21 05:34
Summary
Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allow remote authenticated attackers to upload arbitrary files and execute a php script via unspecified vectors.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "3D88132B-1FE5-42F9-8E06-84DC0FA31C46",
              "versionEndIncluding": "1.29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:*",
              "matchCriteriaId": "2005D2D5-4CA2-4644-9F87-B7DCA1EBF132",
              "versionEndIncluding": "1.29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "98A6AEB4-B75E-4759-AD1B-D87D410652E6",
              "versionEndIncluding": "6.3.11",
              "versionStartIncluding": "6.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "65955180-1085-4A67-9E96-AAAD69237E85",
              "versionEndIncluding": "6.3.11",
              "versionStartIncluding": "6.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "00F5146E-F4DF-44CD-A5AC-F42191FCE558",
              "versionEndIncluding": "6.5.3",
              "versionStartIncluding": "6.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "62413AE4-54CE-4C8F-9CD3-8C6B5F118F85",
              "versionEndIncluding": "6.5.3",
              "versionStartIncluding": "6.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:*:aws:*:*",
              "matchCriteriaId": "5A47BEEF-E49C-4AB5-BCB1-7A46B3784C6B",
              "versionEndIncluding": "7.2.1",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "5BE18A59-7288-4CB8-AFA0-C8CFAB9DCA09",
              "versionEndIncluding": "7.2.1",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "831E171A-BDA4-4181-B817-0D307B37D472",
              "versionEndIncluding": "7.2.1",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allow remote authenticated attackers to upload arbitrary files and execute a php script via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "La serie de Movable Type (Movable Type versiones 7 r.4606 (7.2.1) y anteriores (Movable Type versi\u00f3n 7), Movable Type Advanced versiones 7 r.4606 (7.2.1) y anteriores (Movable Type Advanced versi\u00f3n 7), Movable Type para AWS versiones 7 r.4606 (7.2.1) y anteriores (Movable Type para AWS versi\u00f3n 7), Movable Type versiones 6.5.3 y anteriores (Movable Type versi\u00f3n 6.5), Movable Type Advanced versiones 6.5.3 y anteriores (Movable Type Advanced versi\u00f3n 6.5), Movable Type versiones 6.3.11 y anteriores (Movable Type versi\u00f3n 6.3), Movable Type Advanced versiones 6.3.11 y anteriores (Movable Type versi\u00f3n 6.3), Movable Type Premium versiones 1.29 y anteriores, y Movable Type Premium Advanced versiones 1.29 y anteriores), permiten a atacantes autenticados remotos cargar archivos arbitrarios y ejecutar un script php por medio de vectores no especificados."
    }
  ],
  "id": "CVE-2020-5577",
  "lastModified": "2024-11-21T05:34:18.280",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-05-14T02:15:11.483",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://jvn.jp/en/jp/JVN28806943/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://jvn.jp/en/jp/JVN28806943/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-08-24 09:15
Modified
2024-11-21 07:15
Severity
CRITICAL, base score 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, nvd@nist.gov primary metric)
Summary
Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products and versions are as follows: Movable Type 7 r.5202 and earlier, Movable Type Advanced 7 r.5202 and earlier, Movable Type 6.8.6 and earlier, Movable Type Advanced 6.8.6 and earlier, Movable Type Premium 1.52 and earlier, and Movable Type Premium Advanced 1.52 and earlier. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability. The CPE configuration in this record only matches 6.0.0 up to 6.8.7 (excluded), 7.0.0 up to 7.9.5 (excluded) and Premium editions before 1.53, so inventory matching on CPE alone will not flag the 4.x and 5.x installations this note covers.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:*",
              "matchCriteriaId": "0D577668-2998-4089-A413-EBED87A24142",
              "versionEndExcluding": "1.53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium_advanced:*:*:*",
              "matchCriteriaId": "0F88E29B-EFA9-4272-ADDB-070A2E5EA377",
              "versionEndExcluding": "1.53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:-:*:*",
              "matchCriteriaId": "F6A4EAEA-B95F-45C7-BB51-B7A826144EED",
              "versionEndExcluding": "6.8.7",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:aws:*:*",
              "matchCriteriaId": "CA49252A-03B1-4B74-960F-3C63B9768F55",
              "versionEndExcluding": "6.8.7",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:-:*:*",
              "matchCriteriaId": "2A418283-AAB2-4498-9228-60AF729A71CF",
              "versionEndExcluding": "6.8.7",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:aws:*:*",
              "matchCriteriaId": "2F19ADA4-B866-41E0-81A0-121CC67CA072",
              "versionEndExcluding": "6.8.7",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:-:*:*",
              "matchCriteriaId": "21F7AEA4-802D-4934-9465-C94AF8828644",
              "versionEndExcluding": "7.9.5",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:aws:*:*",
              "matchCriteriaId": "1C9F5F22-69D6-4709-83E4-877833D3519B",
              "versionEndExcluding": "7.9.5",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:-:*:*",
              "matchCriteriaId": "6AD32302-6F49-485D-B5BD-4B652ED63DAA",
              "versionEndExcluding": "7.9.5",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:aws:*:*",
              "matchCriteriaId": "E9E3AF0B-4462-413C-A4B6-A9ED010E3AE8",
              "versionEndExcluding": "7.9.5",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products and versions are as follows: Movable Type 7 r.5202 and earlier, Movable Type Advanced 7 r.5202 and earlier, Movable Type 6.8.6 and earlier, Movable Type Advanced 6.8.6 and earlier, Movable Type Premium 1.52 and earlier, and Movable Type Premium Advanced 1.52 and earlier. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability."
    },
    {
      "lang": "es",
      "value": "La API XMLRPC de Movable Type proporcionada por Six Apart Ltd. contiene una vulnerabilidad de inyecci\u00f3n de comandos. El env\u00edo de un mensaje especialmente dise\u00f1ado mediante el m\u00e9todo POST a la API Movable Type XMLRPC puede permitir una ejecuci\u00f3n de un script Perl arbitrario, y un comando OS arbitrario puede ser ejecutado mediante \u00e9l. Los productos y versiones afectados son los siguientes Movable Type 7 versiones r.5202 y anteriores, Movable Type Advanced 7 versiones r.5202 y anteriores, Movable Type versiones 6.8.6 y anteriores, Movable Type Advanced versiones 6.8.6 y anteriores, Movable Type Premium versiones 1.52 y anteriores, y Movable Type Premium Advanced versiones 1.52 y anteriores. Tenga en cuenta que todas las versiones de Movable Type versiones 4.0 o posteriores, incluidas las versiones sin soporte (End-of-Life, EOL), tambi\u00e9n est\u00e1n afectadas por esta vulnerabilidad."
    }
  ],
  "id": "CVE-2022-38078",
  "lastModified": "2024-11-21T07:15:44.153",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-08-24T09:15:08.493",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN57728859/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2022/08/mt-795-687-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN57728859/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2022/08/mt-795-687-released.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-08-26 02:15
Modified
2024-11-21 05:47
Summary
Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:*",
              "matchCriteriaId": "9ED3A1ED-558E-4783-8BCA-47BB68E92D9D",
              "versionEndIncluding": "1.44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium_advanced:*:*:*",
              "matchCriteriaId": "69B0E270-7BF7-4B9F-974B-B71B11788D5E",
              "versionEndIncluding": "1.44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "7BA76A65-0518-40F0-AE15-4EE416911E27",
              "versionEndIncluding": "6.8.0",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "D37106C9-92CD-44A8-A80B-57754207AE80",
              "versionEndExcluding": "7.8.0",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "5CA5A16F-B42D-4DC7-B9A0-5CA49B05DA7B",
              "versionEndExcluding": "7.8.0",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo cross-site scripting en las pantallas Create de Entry, Page y Content Type de Movable Type (Movable Type 7 versiones r.4903 y anteriores (Movable Type 7 Series), Movable Type versiones 6.8.0 y anteriores (Movable Type 6 Series), Movable Type Advanced 7 versiones r.4903 y anteriores (Movable Type Advanced 7 Series), Movable Type Premium versiones 1.44 y anteriores, y Movable Type Premium Advanced versiones 1.44 y anteriores), permite a atacantes remotos inyectar script o HTML arbitrario por medio de vectores no especificados."
    }
  ],
  "id": "CVE-2021-20809",
  "lastModified": "2024-11-21T05:47:13.517",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-08-26T02:15:11.267",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-04-02 18:55
Modified
2024-11-21 01:33
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CA6D5B7-BB96-46A9-AD07-F4F744657396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "8342D067-1B16-463D-838B-D16EF7DDCCBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "91A91FDA-16BD-40A3-A055-1F9F61BC90A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "A22E7F1C-19D3-4C72-8EC7-E968FDEDA780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "1B8D3280-D97B-47C9-8737-8DABCA53C290",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "3089827B-7A32-4EA4-93EC-63B80FF5E690",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "A929B42C-7C65-4D62-B418-EEEF0C3D0E36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:beta7:*:*:*:*:*:*",
              "matchCriteriaId": "10D3CF75-84DE-412A-BB7C-1A9889B06D16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "2CF07C91-FF25-46AC-B42A-DD6D0F72238E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F0C879EF-5E16-49D4-9A6E-21C44C041D42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "403A8118-6AFE-4A25-882E-1928B489C80F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EC553F4-89D4-40A8-BEF3-9ABEECE9366F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "82084FAB-6563-483E-95F1-49D9BCEB5C8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.1:beta:*:*:*:*:*:*",
              "matchCriteriaId": "E38527C3-2E6F-4B9A-AF59-39AC2C3F7E9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.01:beta:*:*:*:*:*:*",
              "matchCriteriaId": "0847531A-24B6-464E-A892-9FFB8961ED1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.1:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "D197DDAE-00ED-47D5-9F6A-6E15EAE56755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.01:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "E030ADF7-ADF5-458E-81ED-CD565F9725FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C628DCF9-7F07-447F-9F1F-636D431BBD18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.01:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "ADD27600-5559-4FC3-8877-681AB32207AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "56195FCE-D933-40C6-A6A3-6AC8CFECA5DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.2:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0B18D123-7449-489B-B3EC-0A72B879D92D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.2:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "BD8B70C3-003A-4768-B2B4-486688952BCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.2:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "69CAACDD-2304-4F1B-AD36-5F3B06A87551",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFB18069-B21A-4663-93B2-F055A9D7D78D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.15:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "F249491D-31C3-47D9-97B4-84C53E8C90E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.15:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "5BBCAE47-DEB7-41F4-B21E-8E77AA76483A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.15:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "4A2B6514-6F27-454A-9CF9-F198438E4B22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AD39A71-0B61-4319-BEE1-12CAD4B095A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "E36DD87F-F918-4BDD-98B7-41527470B838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B49D8B0-39C9-480B-9471-1846CE5A2142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "F909511A-D7B6-4033-AB99-87D6BC5741F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A200E33-641A-41B3-8EB3-E7380B686C8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "52311931-CE3A-487B-B153-4066D07F63E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "86ED3B93-8769-4A60-BAE4-C50483254905",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "703EEB4B-4747-45D5-9335-6FD5CB238F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "36E48EE7-3212-406E-80AB-26B0206E97E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ADC65FF-B4E8-4346-80DE-647BDC4A4D3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8E76C88-E486-4463-BA41-6A08ECC5E214",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.261:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4905997-E4CE-406D-BE0F-B5E2F87AA177",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.291:*:*:*:*:*:*:*",
              "matchCriteriaId": "45A49069-F509-4C30-BC9F-DB1FF7C39294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.292:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7330A56-5D69-495B-B0E9-A820B70573C5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F978B3B9-8300-45A7-BDBD-13C504A1BCCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "2C0E810B-453A-4C22-A8AF-C8DC83104A56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "DF2F85C7-77AA-4431-8017-7EE66D2216CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "944DAD7F-2A51-4641-AFE9-5CB6AB957923",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "45E04B8D-6F13-4D7C-9D99-70718EF82BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "941AF9C9-341E-4820-8B1C-5D8C5B19861A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0AB08B1C-C527-4D51-932B-7DAC8D507F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "246D565F-5260-4F5E-B766-95BADF16BC59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "59407222-BBBB-468A-8604-A50ED9F40048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF488003-44FA-48F4-8F5A-46B46523E175",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B0A9628-B04F-492D-8158-DE95980CE4E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "D910C9B1-15D1-4E8F-8901-25063D26DC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0627468-9A42-4793-8E20-F22BD433FBAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:5.031:*:*:*:*:*:*:*",
              "matchCriteriaId": "98DC35B2-E679-4049-8A2B-CE2C6F7E6E89",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Movable Type v4.x anteriores a v4.36 y v5.x anteriores a v5.05, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2011-5084",
  "lastModified": "2024-11-21T01:33:35.760",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-04-02T18:55:00.920",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2012/dsa-2423"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.movabletype.org/2011/05/movable_type_51_and_505_436_security_update.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.movabletype.org/2011/05/movable_type_51_and_505_436_security_update.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-10-26 06:15
Modified
2024-11-21 05:47
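Severity: 9.8 (Critical), CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, as scored by nvd@nist.gov in the record below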
Summary
Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8.2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:*",
              "matchCriteriaId": "4E744FEB-0EDF-4F98-ADF2-6A8884847D9F",
              "versionEndIncluding": "1.46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium_advanced:*:*:*",
              "matchCriteriaId": "557E42A3-E98C-448C-B549-BD0E77CC16AA",
              "versionEndIncluding": "1.46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "135405AA-B5A6-4AB8-929B-91521391F249",
              "versionEndIncluding": "6.3.11",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "D3DF90A1-482E-48AC-B8E0-C42849853C4C",
              "versionEndIncluding": "6.8.2",
              "versionStartIncluding": "6.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "63BA2A68-FA2F-46FC-A875-C339B9580502",
              "versionEndIncluding": "6.8.2",
              "versionStartIncluding": "6.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "41401B1F-F3D4-4C80-9B47-3429C6615218",
              "versionEndIncluding": "7.8.1",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "4853A3F7-6AC7-4634-8186-C1ED16DCE62C",
              "versionEndIncluding": "7.8.1",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8.2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability."
    },
    {
      "lang": "es",
      "value": "Movable Type 7 versiones r.5002 y anteriores (Movable Type 7 Series), Movable Type versiones 6.8.2 y anteriores (Movable Type 6 Series), Movable Type Advanced 7 versiones r.5002 y anteriores (Movable Type Advanced 7 Series), Movable Type Advanced versiones 6.8.2 y anteriores (Movable Type Advanced 6 Series), Movable Type Premium versiones 1.46 y anteriores, y Movable Type Premium Advanced versiones 1.46 y anteriores, permiten a atacantes remotos ejecutar comandos arbitrarios del sistema operativo por medio de vectores no especificados. Tenga en cuenta que todas las versiones de Movable Type 4.0 o posteriores, incluidas las versiones sin soporte (End-of-Life, EOL), tambi\u00e9n est\u00e1n afectadas por esta vulnerabilidad."
    }
  ],
  "id": "CVE-2021-20837",
  "lastModified": "2024-11-21T05:47:15.313",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-26T06:15:06.987",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/164705/Movable-Type-7-r.5002-XMLRPC-API-Remote-Command-Injection.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/164818/Movable-Type-7-r.5002-XMLRPC-API-Remote-Command-Injection.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN41119755/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2021/10/mt-782-683-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/164705/Movable-Type-7-r.5002-XMLRPC-API-Remote-Command-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/164818/Movable-Type-7-r.5002-XMLRPC-API-Remote-Command-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN41119755/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2021/10/mt-782-683-released.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-08-26 02:15
Modified
2024-11-21 05:47
Summary
Cross-site scripting vulnerability in Edit screen of Content Data of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series) and Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series)) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
Impacted products
Vendor Product Version
sixapart movable_type *
sixapart movable_type *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "D37106C9-92CD-44A8-A80B-57754207AE80",
              "versionEndExcluding": "7.8.0",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "5CA5A16F-B42D-4DC7-B9A0-5CA49B05DA7B",
              "versionEndExcluding": "7.8.0",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting vulnerability in Edit screen of Content Data of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series) and Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series)) allows remote attackers to inject arbitrary script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo cross-site scripting en la pantalla Edit de Content Data de Movable Type (Movable Type 7 versiones r.4903 y anteriores (Movable Type 7 Series) y Movable Type Advanced 7 versiones r.4903 y anteriores (Movable Type Advanced 7 Series)), permite a atacantes remotos inyectar script arbitrario o HTML por medio de vectores no especificados."
    }
  ],
  "id": "CVE-2021-20813",
  "lastModified": "2024-11-21T05:47:13.927",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-08-26T02:15:11.657",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-08-26 02:15
Modified
2024-11-21 05:47
Summary
Cross-site scripting vulnerability in Search screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:*",
              "matchCriteriaId": "9ED3A1ED-558E-4783-8BCA-47BB68E92D9D",
              "versionEndIncluding": "1.44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium_advanced:*:*:*",
              "matchCriteriaId": "69B0E270-7BF7-4B9F-974B-B71B11788D5E",
              "versionEndIncluding": "1.44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "7BA76A65-0518-40F0-AE15-4EE416911E27",
              "versionEndIncluding": "6.8.0",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "D37106C9-92CD-44A8-A80B-57754207AE80",
              "versionEndExcluding": "7.8.0",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "5CA5A16F-B42D-4DC7-B9A0-5CA49B05DA7B",
              "versionEndExcluding": "7.8.0",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting vulnerability in Search screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo cross-site scripting en la pantalla de B\u00fasqueda de Movable Type (Movable Type 7 versiones r.4903 y anteriores (Movable Type 7 Series), Movable Type versiones 6.8.0 y anteriores (Movable Type 6 Series), Movable Type Advanced 7 versiones r.4903 y anteriores (Movable Type Advanced 7 Series), Movable Type Premium versiones 1.44 y anteriores, y Movable Type Premium Advanced versiones 1.44 y anteriores), permite a atacantes remotos inyectar script arbitrario o HTML por medio de vectores no especificados."
    }
  ],
  "id": "CVE-2021-20808",
  "lastModified": "2024-11-21T05:47:13.420",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-08-26T02:15:11.157",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-09-04 13:29
Modified
2024-11-21 03:38
Summary
Cross-site scripting vulnerability in Movable Type versions prior to Ver. 6.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Impacted products
Vendor Product Version
sixapart movable_type *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C060A39D-B6AD-459B-9C68-94EDBA031C06",
              "versionEndExcluding": "6.3.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting vulnerability in Movable Type versions prior to Ver. 6.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad Cross-Site Scripting (XSS) en Movable Type en versiones anteriores a la 6.3.1 permite que los atacantes remotos inyecten scripts web o HTML arbitrarios utilizando vectores no especificados."
    }
  ],
  "id": "CVE-2018-0672",
  "lastModified": "2024-11-21T03:38:42.780",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-09-04T13:29:05.280",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN89550319/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN89550319/index.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-01-05 20:30
Modified
2024-11-21 00:55
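Severity ? (not rated on this page; the NVD record below carries only a CVSS v2 metric: base score 4.3, MEDIUM, vector AV:N/AC:M/Au:N/C:N/I:P/A:N, user interaction required, and no CVSS v3 metric)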
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Six Apart Movable Type (MT) before 4.23 allow remote attackers to inject arbitrary web script or HTML via a (1) MTEntryAuthorUsername, (2) MTAuthorDisplayName, (3) MTEntryAuthorDisplayName, or (4) MTCommenterName field in a Profile View template; a (5) listing screen or (6) edit screen in the CMS app; (7) a TrackBack title, related to the HTML sanitization library; or (8) a user archive name (aka archive title) on a published Community Blog template.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBD43712-58DD-4A34-848B-13EC14159785",
              "versionEndIncluding": "4.21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.0d:*:*:*:*:*:*:*",
              "matchCriteriaId": "461319CC-BCDC-4E24-B384-1EEC8B7C4596",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "967DAF27-D561-4FDB-A65C-788551871E5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.01d:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD460D1D-5971-491E-863A-D230A0B28ED4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BC178AF-FAF7-49E2-8AE7-1858BD67F44B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CEA1C54-4636-44B1-B620-85F0D870797E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1819A7A1-366A-4168-AE0E-4CE1FF0D3E3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9F743E8-72E9-4AEB-B137-A61EB67B8FF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE92182C-5BBE-4FCD-959B-E95630D16E17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "99E9BE91-D42E-4523-A48E-E7B4FBE7A924",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C5935CA-FDE2-4300-8091-DBD0DC4D2081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF080128-CC7C-4F71-9268-B7691D54F358",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "4783C1BD-B2BA-4D86-A61D-3EB2396DE1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "50782308-93FA-4F8F-93FB-4A4E55D95360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5C968A9-F07A-4C99-B4A5-434E96DDB928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9CD9174-EE47-40B8-8F49-81EAD89267D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "56195FCE-D933-40C6-A6A3-6AC8CFECA5DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Six Apart Movable Type (MT) before 4.23 allow remote attackers to inject arbitrary web script or HTML via a (1) MTEntryAuthorUsername, (2) MTAuthorDisplayName, (3) MTEntryAuthorDisplayName, or (4) MTCommenterName field in a Profile View template; a (5) listing screen or (6) edit screen in the CMS app; (7) a TrackBack title, related to the HTML sanitization library; or (8) a user archive name (aka archive title) on a published Community Blog template."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Six Apart Movable Type (MT) anterior a v4.23 permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante (1) MTEntryAuthorUsername, (2) MTAuthorDisplayName, (3) MTEntryAuthorDisplayName, o (4) el campo MTCommenterName en una plantilla Profile View; un (5) listado de pantalla o (6) pantalla de edici\u00f3n en el CMS app; (7) un t\u00edtulo TrackBack, relacionado con la librer\u00eda HTML sanitization; o (8) un archivo de nombre de usuario (tambi\u00e9n llamado archive title) en una plantilla publicada Community Blog."
    }
  ],
  "id": "CVE-2008-5845",
  "lastModified": "2024-11-21T00:55:01.270",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-01-05T20:30:02.327",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://jvn.jp/en/jp/JVN45658190/index.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000031.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.movabletype.org/mt_423_change_log.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvn.jp/en/jp/JVN45658190/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000031.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.movabletype.org/mt_423_change_log.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-08-26 02:15
Modified
2024-11-21 05:47
Summary
Cross-site scripting vulnerability in List of Assets screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:*",
              "matchCriteriaId": "9ED3A1ED-558E-4783-8BCA-47BB68E92D9D",
              "versionEndIncluding": "1.44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium_advanced:*:*:*",
              "matchCriteriaId": "69B0E270-7BF7-4B9F-974B-B71B11788D5E",
              "versionEndIncluding": "1.44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "7BA76A65-0518-40F0-AE15-4EE416911E27",
              "versionEndIncluding": "6.8.0",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "D37106C9-92CD-44A8-A80B-57754207AE80",
              "versionEndExcluding": "7.8.0",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "5CA5A16F-B42D-4DC7-B9A0-5CA49B05DA7B",
              "versionEndExcluding": "7.8.0",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting vulnerability in List of Assets screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo cross-site scripting en la pantalla List of Assets de Movable Type (Movable Type 7 versiones r.4903 y anteriores (Movable Type 7 Series), Movable Type versiones 6.8.0 y anteriores (Movable Type 6 Series), Movable Type Advanced 7 versiones r.4903 y anteriores (Movable Type Advanced 7 Series), Movable Type Premium versiones 1.44 y anteriores, y Movable Type Premium Advanced versiones 1.44 y anteriores), permite a atacantes remotos inyectar script arbitrario o HTML por medio de vectores no especificados."
    }
  ],
  "id": "CVE-2021-20811",
  "lastModified": "2024-11-21T05:47:13.720",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-08-26T02:15:11.497",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-01-02 18:11
Modified
2024-11-21 00:54
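Severity ? (not rated on this page; the NVD record below carries only a CVSS v2 metric: base score 4.3, MEDIUM, vector AV:N/AC:M/Au:N/C:N/I:P/A:N, user interaction required, and no CVSS v3 metric)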
Summary
Cross-site scripting (XSS) vulnerability in Six Apart Movable Type Enterprise (MTE) 1.x before 1.56; Movable Type (MT) 3.x before 3.38; and Movable Type, Movable Type Open Source (MTOS), and Movable Type Enterprise 4.x before 4.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to "application management."



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D62FC8B9-3B6A-46C6-94CD-E35941BB64C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:4:unknown:enterprise:*:*:*:*:*",
              "matchCriteriaId": "00239DBB-03C7-4E5C-860E-D0437702748B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:4:unknown:open_source:*:*:*:*:*",
              "matchCriteriaId": "FB619291-69AA-4F90-8A3F-B9814906E890",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:4.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "C55BC3C3-83AB-452C-AC2D-A53B3E0C3473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:4.20:unknown:enterprise:*:*:*:*:*",
              "matchCriteriaId": "0B1D9C09-2BA0-484A-A0C3-6683B773F247",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:six_apart:movable_type:4.20:unknown:open_source:*:*:*:*:*",
              "matchCriteriaId": "FCDC2602-7A4F-460A-B440-A0B6AC96C8C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:1.00:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "B1A33E50-6BFD-418F-9F3E-B42C013AA0F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:1.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "DC0F1B54-554E-45C7-8943-A73086C88385",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:1.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "A56CDA00-DC8E-4042-A882-FB6D7D2F43B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:1.3:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "1C8F4F3A-9942-4263-BC42-CDCDACDFF2E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:1.4:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "38626110-81A0-4C99-AB8F-D77FDF662887",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:1.5:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "5212ADBE-9F50-4EAB-AC28-91314AA24595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:1.31:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3542C36E-E457-46DD-A5F7-BD22E16F1C46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.0d:*:*:*:*:*:*:*",
              "matchCriteriaId": "461319CC-BCDC-4E24-B384-1EEC8B7C4596",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "967DAF27-D561-4FDB-A65C-788551871E5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.01d:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD460D1D-5971-491E-863A-D230A0B28ED4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BC178AF-FAF7-49E2-8AE7-1858BD67F44B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CEA1C54-4636-44B1-B620-85F0D870797E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1819A7A1-366A-4168-AE0E-4CE1FF0D3E3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9F743E8-72E9-4AEB-B137-A61EB67B8FF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE92182C-5BBE-4FCD-959B-E95630D16E17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "99E9BE91-D42E-4523-A48E-E7B4FBE7A924",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C5935CA-FDE2-4300-8091-DBD0DC4D2081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF080128-CC7C-4F71-9268-B7691D54F358",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "4783C1BD-B2BA-4D86-A61D-3EB2396DE1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "50782308-93FA-4F8F-93FB-4A4E55D95360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5C968A9-F07A-4C99-B4A5-434E96DDB928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:3.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9CD9174-EE47-40B8-8F49-81EAD89267D5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Six Apart Movable Type Enterprise (MTE) 1.x before 1.56; Movable Type (MT) 3.x before 3.38; and Movable Type, Movable Type Open Source (MTOS), and Movable Type Enterprise 4.x before 4.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to \"application management.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de Secuencias de comandos en Sitios Cruzados (XSS) en Six Apart Movable Type Enterprise (MTE) v1.x anteriores a v1.56; Movable Type (MT) v3.x anteriores a v3.38; y Movable Type, Movable Type Open Source (MTOS), y Movable Type Enterprise v4.x anteriores a v4.23, permite a atacantes remotos inyectar secuencias de comandos Web o HTML a trav\u00e9s de vectores no especificados, posiblemente est\u00e9 relacionado con \"gesti\u00f3n de la aplicaci\u00f3n\"."
    }
  ],
  "id": "CVE-2008-5808",
  "lastModified": "2024-11-21T00:54:57.000",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-01-02T18:11:09.500",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://jvn.jp/en/jp/JVN02216739/index.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000067.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32935"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.movabletype.jp/blog/_movable_type_423.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/32604"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47019"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvn.jp/en/jp/JVN02216739/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000067.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32935"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.movabletype.jp/blog/_movable_type_423.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/32604"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47019"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-01-04 19:55
Modified
2024-11-21 00:40
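Severity ? (not rated on this page; the NVD record below carries only a CVSS v2 metric: base score 4.3, MEDIUM, vector AV:N/AC:M/Au:N/C:N/I:P/A:N, user interaction required, and no CVSS v3 metric)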
Summary
Cross-site scripting (XSS) vulnerability in the MailForm plugin before 1.20 for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:h-fj:mailform_plugin:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E225858-6DBA-4FC5-BB09-5A92682A7AD2",
              "versionEndIncluding": "1.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:h-fj:mailform_plugin:1.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C269797-E150-4BB1-B7E4-9461ED47D467",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:h-fj:mailform_plugin:1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "01804F48-88AE-4C35-AE66-77C83C8FBC68",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:-:community_solution:*:*:*:*:*",
              "matchCriteriaId": "B4FEB07E-4D70-4A24-822E-E4689CB8C9CF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.0:-:pro:*:*:*:*:*",
              "matchCriteriaId": "59457028-2EA4-472F-A76F-EF867F48937F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.1:-:community_solution:*:*:*:*:*",
              "matchCriteriaId": "11C793FA-AE7C-430F-B537-19B788D9BC6E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:4.1:-:pro:*:*:*:*:*",
              "matchCriteriaId": "F80A607A-66A8-4995-A396-5487B8E3029C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the MailForm plugin before 1.20 for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilida de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el complemento MailForm antes de v1.20 para Movable Type, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2007-6751",
  "lastModified": "2024-11-21T00:40:54.923",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-01-04T19:55:00.803",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://jvn.jp/en/jp/JVN60887968/index.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000108.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.h-fj.com/blog/archives/2007/01/23-111038.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72344"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvn.jp/en/jp/JVN60887968/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000108.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.h-fj.com/blog/archives/2007/01/23-111038.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72344"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-08-26 02:15
Modified
2024-11-21 05:47
Summary
Cross-site scripting vulnerability in Edit Boilerplate screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:*",
              "matchCriteriaId": "9ED3A1ED-558E-4783-8BCA-47BB68E92D9D",
              "versionEndIncluding": "1.44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium_advanced:*:*:*",
              "matchCriteriaId": "69B0E270-7BF7-4B9F-974B-B71B11788D5E",
              "versionEndIncluding": "1.44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "7BA76A65-0518-40F0-AE15-4EE416911E27",
              "versionEndIncluding": "6.8.0",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "D37106C9-92CD-44A8-A80B-57754207AE80",
              "versionEndExcluding": "7.8.0",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "5CA5A16F-B42D-4DC7-B9A0-5CA49B05DA7B",
              "versionEndExcluding": "7.8.0",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting vulnerability in Edit Boilerplate screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo cross-site scripting en la pantalla Edit Boilerplate de Movable Type (Movable Type 7 versiones r.4903 y anteriores (Movable Type 7 Series), Movable Type versiones 6.8.0 y anteriores (Movable Type 6 Series), Movable Type Advanced 7 versiones r.4903 y anteriores (Movable Type Advanced 7 Series), Movable Type Premium versiones 1.44 y anteriores, y Movable Type Premium Advanced versiones 1.44 y anteriores), permite a atacantes remotos inyectar scripts arbitrarios o HTML por medio de vectores no especificados."
    }
  ],
  "id": "CVE-2021-20815",
  "lastModified": "2024-11-21T05:47:14.120",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-08-26T02:15:11.827",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN97545738/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2021/08/mt-780-681-released.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}