Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-5575

Опубликовано: 14 мая 2020
Источник: nvd
CVSS3: 6.1
CVSS2: 4.3
EPSS Низкий

Описание

Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*
Версия до 1.29 (включая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:*
Версия до 1.29 (включая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*
Версия от 6.3 (включая) до 6.3.11 (включая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*
Версия от 6.3 (включая) до 6.3.11 (включая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*
Версия от 6.5.0 (включая) до 6.5.3 (включая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*
Версия от 6.5.0 (включая) до 6.5.3 (включая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:*:aws:*:*
Версия от 7.0 (включая) до 7.2.1 (включая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*
Версия от 7.0 (включая) до 7.2.1 (включая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*
Версия от 7.0 (включая) до 7.2.1 (включая)

EPSS

Процентиль: 53%
0.00305
Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

ubuntu логотип

CVE-2020-5575

CVSS3: 6.1
ubuntu
больше 5 лет назад

Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.

debian логотип

CVE-2020-5575

CVSS3: 6.1
debian
больше 5 лет назад

Cross-site scripting vulnerability in Movable Type series (Movable Typ ...

github логотип

GHSA-fpmm-r4rm-5rg2

github
больше 3 лет назад

Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.

EPSS

Процентиль: 53%
0.00305
Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79