six apart movable type 2.63 vulnerabilities and exploits

(subscribe to this query)

Cross-site scripting (XSS) vulnerability in Movable Type prior to 2.6, and possibly other versions including 2.63, allows remote malicious users to insert arbitrary web script or HTML via the Name textbox, possibly when the "Allow HTML in comments?" option is enabled.

Six Apart Movable Type 2.63 Six Apart Movable Type

mt-wizard.cgi in Six Apart Movable Type prior to 4.261, when global templates are not initialized, allows remote malicious users to bypass access restrictions and (1) send e-mail to arbitrary addresses or (2) obtain sensitive information via unspecified vectors.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook