Published: 03/03/2012 Updated: 18/01/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in Movable Type prior to 4.38, 5.0x prior to 5.07, and 5.1x prior to 5.13 allow remote malicious users to inject arbitrary web script or HTML via vectors involving templates, a different issue than CVE-2012-1262.

Vulnerable Product	Search on Vulmon	Subscribe to Product
movabletype movable type open source 5.051
movabletype movable type open source 5.05
movabletype movable type open source 4.36
movabletype movable type open source 4.35
movabletype movable type open source 4.26
movabletype movable type open source 4.25
movabletype movable type open source 4.01
movabletype movable type open source 4.0
movabletype movable type open source 5.1
movabletype movable type open source 5.04
movabletype movable type open source 4.34
movabletype movable type open source 4.33
movabletype movable type open source 4.23
movabletype movable type open source 4.2
movabletype movable type open source 5.11
movabletype movable type open source 5.06
movabletype movable type open source
movabletype movable type open source 4.361
movabletype movable type open source 4.3
movabletype movable type open source 4.261
movabletype movable type open source 4.1
movabletype movable type open source 5.12
movabletype movable type open source 5.031
movabletype movable type open source 5.03
movabletype movable type open source 5.02
movabletype movable type open source 4.32
movabletype movable type open source 4.31
movabletype movable type enterprise 5.04
movabletype movable type enterprise 5.12
movabletype movable type enterprise 5.11
movabletype movable type enterprise 5.03
movabletype movable type enterprise 5.02
movabletype movable type enterprise 4.31
movabletype movable type enterprise 4.3
movabletype movable type enterprise 4.2
movabletype movable type enterprise 4.1
movabletype movable type enterprise 5.031
movabletype movable type enterprise 4.33
movabletype movable type enterprise 4.32
movabletype movable type enterprise 4.0
movabletype movable type enterprise 5.05
movabletype movable type enterprise 5.1
movabletype movable type enterprise 4.35
movabletype movable type enterprise 4.34
movabletype movable type enterprise 4.25
movabletype movable type enterprise 4.23
movabletype movable type enterprise
movabletype movable type enterprise 5.06
movabletype movable type enterprise 5.051
movabletype movable type enterprise 4.361
movabletype movable type enterprise 4.36
movabletype movable type enterprise 4.261
movabletype movable type enterprise 4.26
movabletype movable type enterprise 4.01
movabletype movable type advanced 5.06
movabletype movable type advanced 5.051
movabletype movable type advanced 4.361
movabletype movable type advanced 4.36
movabletype movable type advanced 4.26
movabletype movable type advanced 4.25
movabletype movable type advanced 4.01
movabletype movable type advanced 4.0
movabletype movable type advanced 5.12
movabletype movable type advanced 5.11
movabletype movable type advanced 5.03
movabletype movable type advanced 5.02
movabletype movable type advanced 4.3
movabletype movable type advanced 4.261
movabletype movable type advanced 4.2
movabletype movable type advanced 4.1
movabletype movable type advanced 5.04
movabletype movable type advanced 5.031
movabletype movable type advanced 4.33
movabletype movable type advanced 4.32
movabletype movable type advanced 4.31
movabletype movable type advanced 5.05
movabletype movable type advanced 5.1
movabletype movable type advanced 4.35
movabletype movable type advanced 4.34
movabletype movable type advanced 4.23
movabletype movable type advanced
movabletype movable type pro 5.05
movabletype movable type pro 5.1
movabletype movable type pro 4.34
movabletype movable type pro 4.33
movabletype movable type pro 4.23
movabletype movable type pro 4.2
movabletype movable type pro
movabletype movable type pro 5.06
movabletype movable type pro 5.051
movabletype movable type pro 4.36
movabletype movable type pro 4.35
movabletype movable type pro 4.26
movabletype movable type pro 4.25
movabletype movable type pro 4.01
movabletype movable type pro 4.0
movabletype movable type pro 5.12
movabletype movable type pro 5.11
movabletype movable type pro 5.03
movabletype movable type pro 5.02
movabletype movable type pro 4.361
movabletype movable type pro 4.3
movabletype movable type pro 4.261
movabletype movable type pro 4.1
movabletype movable type pro 5.04
movabletype movable type pro 5.031
movabletype movable type pro 4.32
movabletype movable type pro 4.31

Several vulnerabilities were discovered in Movable Type, a blogging system: Under certain circumstances, a user who has Create Entries or Manage Blog permissions may be able to read known files on the local file system The file management system contains shell command injection vulnerabilities, the most serious of which may lead to arbitrary OS co ...

CWE-79 http://jvndb.jvn.jp/jvndb/JVNDB-2012-000016 http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html http://www.movabletype.org/documentation/appendices/release-notes/513.html http://jvn.jp/en/jp/JVN49836527/index.html http://www.securitytracker.com/id?1026738 http://www.securityfocus.com/bid/52138 http://www.debian.org/security/2012/dsa-2423 https://nvd.nist.gov https://www.debian.org/security/./dsa-2423

Get Started

CVE-2012-0318

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect