Cross-site scripting (XSS) vulnerability in Movable Type prior to 2.6, and possibly other versions including 2.63, allows remote malicious users to insert arbitrary web script or HTML via the Name textbox, possibly when the "Allow HTML in comments?" option is enabled.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
six apart movable type 2.63 |
||
six apart movable type |