CVE-2012-1503

Опубликовано: 29 авг. 2014

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section.

Ссылки

http://osvdb.org/show/osvdb/86729
http://packetstormsecurity.org/files/117564/Movable-Type-Pro-5.13en-Cross-Site-Scripting.html
Exploit
http://www.cloudscan.me/2012/10/cve-2012-1503-movable-type-pro-513en.html
Exploit
http://www.exploit-db.com/exploits/22151
Exploit
http://www.securityfocus.com/bid/56160
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/79521
http://osvdb.org/show/osvdb/86729
http://packetstormsecurity.org/files/117564/Movable-Type-Pro-5.13en-Cross-Site-Scripting.html
Exploit
http://www.cloudscan.me/2012/10/cve-2012-1503-movable-type-pro-513en.html
Exploit
http://www.exploit-db.com/exploits/22151
Exploit
http://www.securityfocus.com/bid/56160
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/79521

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sixapart:movable_type:5.13:*:*:*:professional:*:*:*

EPSS

Процентиль: 91%

0.06559

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-crq9-rq4m-26gj

github

больше 3 лет назад