Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-5528

Опубликовано: 06 фев. 2020
Источник: nvd
CVSS3: 6.1
CVSS2: 4.3
EPSS Низкий

Описание

Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and earlier (Movable Type 6.5), Movable Type Advanced 7 r.4603 and earlier (Movable Type Advanced 7), Movable Type Advanced 6.5.2 and earlier (Movable Type Advanced 6.5), Movable Type Premium 1.26 and earlier (Movable Type Premium), and Movable Type Premium Advanced 1.26 and earlier (Movable Type Premium Advanced)) allows remote attackers to inject arbitrary web script or HTML in the block editor and the rich text editor via a specially crafted URL.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sixapart:movable_type:*:*:*:*:*:*:*:*
Версия от 6.5.0 (включая) до 6.5.2 (включая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:*:*:*:*
Версия от 7.0 (включая) до 7.1.4 (включая)
Конфигурация 2

Одно из

cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*
Версия до 1.26 (включая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:*
Версия до 1.26 (включая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*
Версия от 6.5.0 (включая) до 6.5.2 (включая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*
Версия от 7.0 (включая) до 7.1.4 (включая)

EPSS

Процентиль: 62%
0.00429
Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

ubuntu логотип

CVE-2020-5528

CVSS3: 6.1
ubuntu
около 6 лет назад

Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and earlier (Movable Type 6.5), Movable Type Advanced 7 r.4603 and earlier (Movable Type Advanced 7), Movable Type Advanced 6.5.2 and earlier (Movable Type Advanced 6.5), Movable Type Premium 1.26 and earlier (Movable Type Premium), and Movable Type Premium Advanced 1.26 and earlier (Movable Type Premium Advanced)) allows remote attackers to inject arbitrary web script or HTML in the block editor and the rich text editor via a specially crafted URL.

debian логотип

CVE-2020-5528

CVSS3: 6.1
debian
около 6 лет назад

Cross-site scripting vulnerability in Movable Type series (Movable Typ ...

github логотип

GHSA-5928-fcw8-m7f4

github
больше 3 лет назад

Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and earlier (Movable Type 6.5), Movable Type Advanced 7 r.4603 and earlier (Movable Type Advanced 7), Movable Type Advanced 6.5.2 and earlier (Movable Type Advanced 6.5), Movable Type Premium 1.26 and earlier (Movable Type Premium), and Movable Type Premium Advanced 1.26 and earlier (Movable Type Premium Advanced)) allows remote attackers to inject arbitrary web script or HTML in the block editor and the rich text editor via a specially crafted URL.

EPSS

Процентиль: 62%
0.00429
Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79