cvelistv5 - cve-2020-5574

cve-2020-5574

Vulnerability from cvelistv5

Published

2020-05-14 01:00

Modified

2024-08-04 08:30

Severity ?

Summary

HTML attribute value injection vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary HTML attribute value via unspecified vectors.

References

URL	Tags
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN28806943/index.html	Third Party Advisory, VDB Entry
vultures@jpcert.or.jp	https://movabletype.org/news/2020/05/mt-730-660-6312-released.html	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN28806943/index.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://movabletype.org/news/2020/05/mt-730-660-6312-released.html	Release Notes, Vendor Advisory

Impacted products

	Vendor	Product	Version
	Six Apart Ltd.	Movable Type	Version: Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:30:24.552Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN28806943/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Movable Type",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "HTML attribute value injection vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary HTML attribute value via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-05-14T01:00:21",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN28806943/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2020-5574",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Movable Type",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Six Apart Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HTML attribute value injection vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary HTML attribute value via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://movabletype.org/news/2020/05/mt-730-660-6312-released.html",
              "refsource": "MISC",
              "url": "https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN28806943/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN28806943/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2020-5574",
    "datePublished": "2020-05-14T01:00:21",
    "dateReserved": "2020-01-06T00:00:00",
    "dateUpdated": "2024-08-04T08:30:24.552Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-5574\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2020-05-14T02:15:11.267\",\"lastModified\":\"2024-11-21T05:34:17.977\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"HTML attribute value injection vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary HTML attribute value via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de inyecci\u00f3n del valor de atributo HTML en la serie Movable Type (Movable Type versiones 7 r.4606 (7.2.1) y anteriores (Movable Type versi\u00f3n 7), Movable Type Advanced versiones 7 r.4606 (7.2.1) y anteriores (Movable Type Advanced versi\u00f3n 7), Movable Type para AWS versiones 7 r.4606 (7.2.1) y anteriores (Movable Type para AWS versi\u00f3n 7), Movable Type versiones 6.5.3 y anteriores (Movable Type versi\u00f3n 6.5), Movable Type Advanced versiones 6.5.3 y anteriores (Movable Type Advanced versi\u00f3n 6.5), Movable Type versiones 6.3.11 y anteriores (Movable Type versi\u00f3n 6.3), Movable Type Advanced versiones 6.3.11 y anteriores (Movable Type versi\u00f3n 6.3), Movable Type Premium versiones 1.29 y anteriores, y Movable Type Premium Advanced versiones 1.29 y anteriores), permite a atacantes remotos inyectar un valor de atributo HTML arbitrario por medio de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-74\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*\",\"versionEndIncluding\":\"1.29\",\"matchCriteriaId\":\"3D88132B-1FE5-42F9-8E06-84DC0FA31C46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:*\",\"versionEndIncluding\":\"1.29\",\"matchCriteriaId\":\"2005D2D5-4CA2-4644-9F87-B7DCA1EBF132\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"6.3\",\"versionEndIncluding\":\"6.3.11\",\"matchCriteriaId\":\"98A6AEB4-B75E-4759-AD1B-D87D410652E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*\",\"versionStartIncluding\":\"6.3\",\"versionEndIncluding\":\"6.3.11\",\"matchCriteriaId\":\"65955180-1085-4A67-9E96-AAAD69237E85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"6.5.0\",\"versionEndIncluding\":\"6.5.3\",\"matchCriteriaId\":\"00F5146E-F4DF-44CD-A5AC-F42191FCE558\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*\",\"versionStartIncluding\":\"6.5.0\",\"versionEndIncluding\":\"6.5.3\",\"matchCriteriaId\":\"62413AE4-54CE-4C8F-9CD3-8C6B5F118F85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:*:*:*:*:*:aws:*:*\",\"versionStartIncluding\":\"7.0\",\"versionEndIncluding\":\"7.2.1\",\"matchCriteriaId\":\"5A47BEEF-E49C-4AB5-BCB1-7A46B3784C6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"7.0\",\"versionEndIncluding\":\"7.2.1\",\"matchCriteriaId\":\"5BE18A59-7288-4CB8-AFA0-C8CFAB9DCA09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*\",\"versionStartIncluding\":\"7.0\",\"versionEndIncluding\":\"7.2.1\",\"matchCriteriaId\":\"831E171A-BDA4-4181-B817-0D307B37D472\"}]}]}],\"references\":[{\"url\":\"https://jvn.jp/en/jp/JVN28806943/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://movabletype.org/news/2020/05/mt-730-660-6312-released.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://jvn.jp/en/jp/JVN28806943/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://movabletype.org/news/2020/05/mt-730-660-6312-released.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}"
  }
}

fkie_cve-2020-5574

Vulnerability from fkie_nvd

Published

2020-05-14 02:15

Modified

2024-11-21 05:34

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

References

URL	Tags
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN28806943/index.html	Third Party Advisory, VDB Entry
vultures@jpcert.or.jp	https://movabletype.org/news/2020/05/mt-730-660-6312-released.html	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN28806943/index.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://movabletype.org/news/2020/05/mt-730-660-6312-released.html	Release Notes, Vendor Advisory

Impacted products

Vendor	Product	Version
sixapart	movable_type	*
sixapart	movable_type	*
sixapart	movable_type	*
sixapart	movable_type	*
sixapart	movable_type	*
sixapart	movable_type	*
sixapart	movable_type	*
sixapart	movable_type	*
sixapart	movable_type	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "3D88132B-1FE5-42F9-8E06-84DC0FA31C46",
              "versionEndIncluding": "1.29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:*",
              "matchCriteriaId": "2005D2D5-4CA2-4644-9F87-B7DCA1EBF132",
              "versionEndIncluding": "1.29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "98A6AEB4-B75E-4759-AD1B-D87D410652E6",
              "versionEndIncluding": "6.3.11",
              "versionStartIncluding": "6.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "65955180-1085-4A67-9E96-AAAD69237E85",
              "versionEndIncluding": "6.3.11",
              "versionStartIncluding": "6.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "00F5146E-F4DF-44CD-A5AC-F42191FCE558",
              "versionEndIncluding": "6.5.3",
              "versionStartIncluding": "6.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "62413AE4-54CE-4C8F-9CD3-8C6B5F118F85",
              "versionEndIncluding": "6.5.3",
              "versionStartIncluding": "6.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:*:aws:*:*",
              "matchCriteriaId": "5A47BEEF-E49C-4AB5-BCB1-7A46B3784C6B",
              "versionEndIncluding": "7.2.1",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "5BE18A59-7288-4CB8-AFA0-C8CFAB9DCA09",
              "versionEndIncluding": "7.2.1",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
              "matchCriteriaId": "831E171A-BDA4-4181-B817-0D307B37D472",
              "versionEndIncluding": "7.2.1",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "HTML attribute value injection vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary HTML attribute value via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de inyecci\u00f3n del valor de atributo HTML en la serie Movable Type (Movable Type versiones 7 r.4606 (7.2.1) y anteriores (Movable Type versi\u00f3n 7), Movable Type Advanced versiones 7 r.4606 (7.2.1) y anteriores (Movable Type Advanced versi\u00f3n 7), Movable Type para AWS versiones 7 r.4606 (7.2.1) y anteriores (Movable Type para AWS versi\u00f3n 7), Movable Type versiones 6.5.3 y anteriores (Movable Type versi\u00f3n 6.5), Movable Type Advanced versiones 6.5.3 y anteriores (Movable Type Advanced versi\u00f3n 6.5), Movable Type versiones 6.3.11 y anteriores (Movable Type versi\u00f3n 6.3), Movable Type Advanced versiones 6.3.11 y anteriores (Movable Type versi\u00f3n 6.3), Movable Type Premium versiones 1.29 y anteriores, y Movable Type Premium Advanced versiones 1.29 y anteriores), permite a atacantes remotos inyectar un valor de atributo HTML arbitrario por medio de vectores no especificados."
    }
  ],
  "id": "CVE-2020-5574",
  "lastModified": "2024-11-21T05:34:17.977",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-05-14T02:15:11.267",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://jvn.jp/en/jp/JVN28806943/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://jvn.jp/en/jp/JVN28806943/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2020-5574

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2020-5574

Aliases

CVE-2020-5574

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-5574",
    "description": "HTML attribute value injection vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary HTML attribute value via unspecified vectors.",
    "id": "GSD-2020-5574"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-5574"
      ],
      "details": "HTML attribute value injection vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary HTML attribute value via unspecified vectors.",
      "id": "GSD-2020-5574",
      "modified": "2023-12-13T01:22:03.132836Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2020-5574",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Movable Type",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Six Apart Ltd."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "HTML attribute value injection vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary HTML attribute value via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://movabletype.org/news/2020/05/mt-730-660-6312-released.html",
            "refsource": "MISC",
            "url": "https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"
          },
          {
            "name": "https://jvn.jp/en/jp/JVN28806943/index.html",
            "refsource": "MISC",
            "url": "https://jvn.jp/en/jp/JVN28806943/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.29",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.29",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.3.11",
                "versionStartIncluding": "6.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.3.11",
                "versionStartIncluding": "6.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.5.3",
                "versionStartIncluding": "6.5.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.5.3",
                "versionStartIncluding": "6.5.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:*:aws:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.2.1",
                "versionStartIncluding": "7.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.2.1",
                "versionStartIncluding": "7.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.2.1",
                "versionStartIncluding": "7.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2020-5574"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "HTML attribute value injection vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary HTML attribute value via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-74"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/jp/JVN28806943/index.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://jvn.jp/en/jp/JVN28806943/index.html"
            },
            {
              "name": "https://movabletype.org/news/2020/05/mt-730-660-6312-released.html",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2020-05-15T17:29Z",
      "publishedDate": "2020-05-14T02:15Z"
    }
  }
}

ghsa-34jf-34wf-852g

Vulnerability from github

Published

2022-05-24 17:17

Modified

2022-05-24 17:17

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-5574"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-05-14T02:15:00Z",
    "severity": "MODERATE"
  },
  "details": "HTML attribute value injection vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary HTML attribute value via unspecified vectors.",
  "id": "GHSA-34jf-34wf-852g",
  "modified": "2022-05-24T17:17:57Z",
  "published": "2022-05-24T17:17:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5574"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN28806943/index.html"
    },
    {
      "type": "WEB",
      "url": "https://movabletype.org/news/2020/05/mt-730-660-6312-released.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cve-2020-5574

Vulnerability from jvndb

Published

2020-05-13 17:59

Modified

2020-05-13 17:59

Severity ?

6.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Summary

Multiple vulnerabilities in Movable Type

Details

Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below. * HTML attribute value injection vulnerability (CWE-74) - CVE-2020-5574 * Cross-site scripting due to a flaw in processing multiple query strings (CWE-79) - CVE-2020-5575 * Cross-site request forgery (CWE-352) - CVE-2020-5576 * Unrestricted upload of file with specific extentions (CWE-434) - CVE-2020-5577 The following researchers reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2020-5574, CVE-2020-5575, CVE-2020-5576 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. CVE-2020-5577 Yuji Tounai of Mitsui Bussan Secure Directions, Inc.

References

▼	Type	URL
	JVN	https://jvn.jp/en/jp/JVN28806943/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5574
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5575
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5576
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5577
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-5574
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-5575
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-5576
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-5577
	Cross-Site Request Forgery(CWE-352)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Six Apart, Ltd.	Movable Type

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000030.html",
  "dc:date": "2020-05-13T17:59+09:00",
  "dcterms:issued": "2020-05-13T17:59+09:00",
  "dcterms:modified": "2020-05-13T17:59+09:00",
  "description": "Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below. \r\n* HTML attribute value injection vulnerability (CWE-74) - CVE-2020-5574\r\n* Cross-site scripting due to a flaw in processing multiple query strings (CWE-79) - CVE-2020-5575\r\n* Cross-site request forgery (CWE-352) - CVE-2020-5576\r\n* Unrestricted upload of file with specific extentions (CWE-434) - CVE-2020-5577 \r\n\r\nThe following researchers reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2020-5574, CVE-2020-5575, CVE-2020-5576\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc.\r\n\r\nCVE-2020-5577\r\nYuji Tounai of Mitsui Bussan Secure Directions, Inc.",
  "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000030.html",
  "sec:cpe": {
    "#text": "cpe:/a:sixapart:movable_type",
    "@product": "Movable Type",
    "@vendor": "Six Apart, Ltd.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "6.5",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "6.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2020-000030",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN28806943/index.html",
      "@id": "JVN#28806943",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5574",
      "@id": "CVE-2020-5574",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5575",
      "@id": "CVE-2020-5575",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5576",
      "@id": "CVE-2020-5576",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5577",
      "@id": "CVE-2020-5577",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5574",
      "@id": "CVE-2020-5574",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5575",
      "@id": "CVE-2020-5575",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5576",
      "@id": "CVE-2020-5576",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5577",
      "@id": "CVE-2020-5577",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-352",
      "@title": "Cross-Site Request Forgery(CWE-352)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in Movable Type"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2020-5574

Vulnerability from cvelistv5

fkie_cve-2020-5574

Vulnerability from fkie_nvd

gsd-2020-5574

Vulnerability from gsd

ghsa-34jf-34wf-852g

Vulnerability from github

cve-2020-5574

Vulnerability from jvndb

Tags

Sightings

Nomenclature