Описание
Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sixapart:movabletype:4.0:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movabletype:4.1:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movabletype:4.2:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movabletype:4.3:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movabletype:4.23:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movabletype:4.25:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movabletype:4.26:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movabletype:4.31:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movabletype:4.32:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movabletype:4.33:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movabletype:4.34:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movabletype:4.261:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movabletype:5.0:rc2:*:*:*:*:*:*
cpe:2.3:a:sixapart:movabletype:5.01:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movabletype:5.02:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movabletype:5.03:*:*:*:*:*:*:*
cpe:2.3:a:sixapart:movabletype:5.031:*:*:*:*:*:*:*
EPSS
Процентиль: 64%
0.00475
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
ubuntu
около 15 лет назад
Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
debian
около 15 лет назад
Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4. ...
github
больше 3 лет назад
Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
EPSS
Процентиль: 64%
0.00475
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79