Published: 02/04/2012 Updated: 18/01/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in Movable Type 4.x prior to 4.36 and 5.x prior to 5.05 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sixapart movable type 4.0
sixapart movable type 4.01
sixapart movable type 4.15
sixapart movable type 4.1
sixapart movable type 4.2
sixapart movable type 4.24
sixapart movable type 4.25
sixapart movable type 4.26
sixapart movable type 4.35
sixapart movable type 4.36
sixapart movable type 4.261
sixapart movable type 4.27
sixapart movable type 4.22
sixapart movable type 4.23
sixapart movable type 4.291
sixapart movable type 4.292
sixapart movable type 4.12
sixapart movable type 4.21
sixapart movable type 4.28
sixapart movable type 4.29
sixapart movable type 5.0
sixapart movable type 5.05
sixapart movable type 5.01
sixapart movable type 5.031
sixapart movable type 5.04
sixapart movable type 5.02
sixapart movable type 5.03

Several vulnerabilities were discovered in Movable Type, a blogging system: Under certain circumstances, a user who has Create Entries or Manage Blog permissions may be able to read known files on the local file system The file management system contains shell command injection vulnerabilities, the most serious of which may lead to arbitrary OS co ...

CWE-79 http://www.movabletype.org/2011/05/movable_type_51_and_505_436_security_update.html http://www.debian.org/security/2012/dsa-2423 https://nvd.nist.gov https://www.debian.org/security/./dsa-2423

CVE-2011-5084

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect