CVE-2010-1985

Опубликовано: 19 мая 2010

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in Six Apart Movable Type 5.0 and 5.01 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.

Ссылки

http://jvn.jp/en/jp/JVN92854093/index.html
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000017.html
http://secunia.com/advisories/39741
Vendor Advisory
http://www.movabletype.com/blog/2010/05/movable-type-502.html
http://www.movabletype.org/documentation/appendices/release-notes/movable-type-502.html
http://www.vupen.com/english/advisories/2010/1136
Vendor Advisory
http://jvn.jp/en/jp/JVN92854093/index.html
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000017.html
http://secunia.com/advisories/39741
Vendor Advisory
http://www.movabletype.com/blog/2010/05/movable-type-502.html
http://www.movabletype.org/documentation/appendices/release-notes/movable-type-502.html
http://www.vupen.com/english/advisories/2010/1136
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sixapart:movable_type:5.0:*:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:5.01:*:*:*:*:*:*:*

EPSS

Процентиль: 66%

0.00516

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-8vh2-65q3-9g8m

github

больше 3 лет назад