CVE-2011-5084

Опубликовано: 02 апр. 2012

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Ссылки

http://www.debian.org/security/2012/dsa-2423
http://www.movabletype.org/2011/05/movable_type_51_and_505_436_security_update.html
Patch
Vendor Advisory
http://www.debian.org/security/2012/dsa-2423
http://www.movabletype.org/2011/05/movable_type_51_and_505_436_security_update.html
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sixapart:movable_type:4.0:*:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.0:beta:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.0:beta2:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.0:beta3:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.0:beta4:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.0:beta5:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.0:beta6:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.0:beta7:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.0:rc1:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.0:rc2:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.0:rc3:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.01:*:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.1:*:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.1:beta:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.01:beta:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.1:beta2:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.01:beta2:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.1:rc1:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.01:rc1:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.2:*:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.2:rc2:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.2:rc4:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.2:rc5:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.12:*:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.15:beta1:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.15:beta3:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.15:beta4:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.21:*:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.22:*:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.23:*:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.24:*:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.25:*:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.26:*:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.27:*:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.28:*:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.29:*:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.35:*:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.36:*:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.261:*:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.291:*:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:4.292:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:sixapart:movable_type:5.0:*:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:5.0:beta1:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:5.0:beta2:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:5.0:beta3:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:5.0:beta4:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:5.0:rc1:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:5.0:rc2:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:5.0:rc3:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:5.01:*:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:5.02:*:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:5.03:*:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:5.04:*:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:5.05:*:*:*:*:*:*:*

cpe:2.3:a:sixapart:movable_type:5.031:*:*:*:*:*:*:*

EPSS

Процентиль: 49%

0.00263

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2011-5084

ubuntu

почти 14 лет назад

Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2011-5084

debian

почти 14 лет назад

Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4. ...

GHSA-8g7p-q74m-p945

github

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

EPSS

Процентиль: 49%

0.00263

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79