Published: 03/03/2012 Updated: 18/01/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.cgi in Movable Type prior to 4.38, 5.0x prior to 5.07, and 5.1x prior to 5.13, when the product is incompletely installed, allows remote malicious users to inject arbitrary web script or HTML via the dbuser parameter, a different vulnerability than CVE-2012-0318.

Vulnerable Product	Search on Vulmon	Subscribe to Product
movabletype movable type open source 5.04
movabletype movable type open source 5.031
movabletype movable type open source 4.34
movabletype movable type open source 4.33
movabletype movable type open source 4.2
movabletype movable type open source 4.1
movabletype movable type open source 5.12
movabletype movable type open source 5.11
movabletype movable type open source 5.03
movabletype movable type open source 5.02
movabletype movable type open source 4.32
movabletype movable type open source 4.31
movabletype movable type open source 4.3
movabletype movable type open source 4.0
movabletype movable type open source 5.05
movabletype movable type open source 5.1
movabletype movable type open source 4.36
movabletype movable type open source 4.35
movabletype movable type open source 4.25
movabletype movable type open source 4.23
movabletype movable type open source 5.06
movabletype movable type open source 5.051
movabletype movable type open source
movabletype movable type open source 4.361
movabletype movable type open source 4.261
movabletype movable type open source 4.26
movabletype movable type open source 4.01
movabletype movable type enterprise 5.12
movabletype movable type enterprise 5.11
movabletype movable type enterprise 5.03
movabletype movable type enterprise 5.02
movabletype movable type enterprise 4.361
movabletype movable type enterprise 4.3
movabletype movable type enterprise 4.261
movabletype movable type enterprise 4.2
movabletype movable type enterprise 4.1
movabletype movable type enterprise 5.06
movabletype movable type enterprise 5.051
movabletype movable type enterprise 4.36
movabletype movable type enterprise 4.35
movabletype movable type enterprise 4.26
movabletype movable type enterprise 4.25
movabletype movable type enterprise 4.01
movabletype movable type enterprise 4.0
movabletype movable type enterprise 5.04
movabletype movable type enterprise 5.031
movabletype movable type enterprise 4.32
movabletype movable type enterprise 4.31
movabletype movable type enterprise 5.05
movabletype movable type enterprise 5.1
movabletype movable type enterprise 4.34
movabletype movable type enterprise 4.33
movabletype movable type enterprise 4.23
movabletype movable type enterprise
movabletype movable type advanced 5.06
movabletype movable type advanced 5.051
movabletype movable type advanced 5.05
movabletype movable type advanced 4.36
movabletype movable type advanced 4.35
movabletype movable type advanced 4.26
movabletype movable type advanced 4.25
movabletype movable type advanced 4.0
movabletype movable type advanced
movabletype movable type advanced 5.1
movabletype movable type advanced 5.04
movabletype movable type advanced 4.34
movabletype movable type advanced 4.33
movabletype movable type advanced 4.23
movabletype movable type advanced 4.2
movabletype movable type advanced 5.12
movabletype movable type advanced 5.11
movabletype movable type advanced 5.02
movabletype movable type advanced 4.361
movabletype movable type advanced 4.3
movabletype movable type advanced 4.261
movabletype movable type advanced 4.1
movabletype movable type advanced 4.01
movabletype movable type advanced 5.031
movabletype movable type advanced 5.03
movabletype movable type advanced 4.32
movabletype movable type advanced 4.31
movabletype movable type pro 5.1
movabletype movable type pro 5.04
movabletype movable type pro 4.34
movabletype movable type pro 4.33
movabletype movable type pro 5.12
movabletype movable type pro 5.031
movabletype movable type pro 5.03
movabletype movable type pro 4.32
movabletype movable type pro 4.31
movabletype movable type pro 4.0
movabletype movable type pro 4.2
movabletype movable type pro 4.1
movabletype movable type pro 5.051
movabletype movable type pro 5.05
movabletype movable type pro 4.36
movabletype movable type pro 4.35
movabletype movable type pro 4.25
movabletype movable type pro 4.23
movabletype movable type pro
movabletype movable type pro 5.11
movabletype movable type pro 5.06
movabletype movable type pro 5.02
movabletype movable type pro 4.361
movabletype movable type pro 4.3
movabletype movable type pro 4.261
movabletype movable type pro 4.26
movabletype movable type pro 4.01

Several vulnerabilities were discovered in Movable Type, a blogging system: Under certain circumstances, a user who has Create Entries or Manage Blog permissions may be able to read known files on the local file system The file management system contains shell command injection vulnerabilities, the most serious of which may lead to arbitrary OS co ...

Movable Type Publishing Platform versions prior to 513, 507, and 438 are affected by a cross site scripting vulnerability After extracting the Moveable Type CGI files and source files on to a web server, but before the application is fully installed, cross site scripting vulnerabilities are present in the '/cgi-bin/mt/mt-wizardcgi' page ...

CWE-79 http://jvndb.jvn.jp/jvndb/JVNDB-2012-000016 http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html http://www.movabletype.org/documentation/appendices/release-notes/513.html http://jvn.jp/en/jp/JVN49836527/index.html https://www.trustwave.com/spiderlabs/advisories/TWSL2012-003.txt http://www.securitytracker.com/id?1026738 http://www.securityfocus.com/bid/52138 http://packetstormsecurity.org/files/110203/Movable-Type-Publishing-Platform-Cross-Site-Scripting.html http://osvdb.org/79470 http://seclists.org/fulldisclosure/2012/Feb/407 https://exchange.xforce.ibmcloud.com/vulnerabilities/73480 https://exchange.xforce.ibmcloud.com/vulnerabilities/73411 http://www.debian.org/security/2012/dsa-2423 https://nvd.nist.gov https://www.debian.org/security/./dsa-2423

Get Started

CVE-2012-1262

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect