Six Apart » Movable Type » 2.63 : Security Vulnerabilities, CVEs,

cpe:2.3:a:six_apart:movable_type:2.63:*:*:*:*:*:*:*

CVE-2009-2492

Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480.
Max CVSS
2.6
EPSS Score
0.25%
Published
2009-07-17
Updated
2009-08-07

CVE-2009-2481

mt-wizard.cgi in Six Apart Movable Type before 4.261, when global templates are not initialized, allows remote attackers to bypass access restrictions and (1) send e-mail to arbitrary addresses or (2) obtain sensitive information via unspecified vectors.
Max CVSS
5.8
EPSS Score
0.45%
Published
2009-07-16
Updated
2017-08-17

CVE-2007-3342

Multiple cross-site scripting (XSS) vulnerabilities in Movable Type (MT) before 3.34 allow remote attackers to inject arbitrary web script or HTML via comments that have (1) a malformed SGML numeric character reference with a '\0' (0x00) character in a javascript: URI or (2) an attribute in an element that lacks the '>' character at the end of the start tag, a different vulnerability than CVE-2007-0231.
Max CVSS
4.3
EPSS Score
0.27%
Published
2007-06-21
Updated
2018-10-16

CVE-2003-0287

Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, and possibly other versions including 2.63, allows remote attackers to insert arbitrary web script or HTML via the Name textbox, possibly when the "Allow HTML in comments?" option is enabled.
Max CVSS
6.8
EPSS Score
1.84%
Published
2003-06-16
Updated
2017-07-11
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close