CVE-2021-20664

Опубликовано: 05 мар. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting vulnerability in in Asset registration screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.

Ссылки

https://jvn.jp/en/jp/JVN66542874/index.html
Third Party Advisory
https://movabletype.org/news/2021/02/mt-760-676-released.html
Release Notes
Vendor Advisory
https://jvn.jp/en/jp/JVN66542874/index.html
Third Party Advisory
https://movabletype.org/news/2021/02/mt-760-676-released.html
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:movabletype:movable_type:*:*:*:*:*:*:*:*

Версия до 6.7.5 (включая)

cpe:2.3:a:movabletype:movable_type:*:*:*:*:*:*:*:*

Версия от 7.0000 (включая) до 7.4705 (включая)

cpe:2.3:a:movabletype:movable_type_advanced:*:*:*:*:*:*:*:*

Версия до 7.4705 (включая)

cpe:2.3:a:movabletype:movable_type_premium:*:*:*:*:*:*:*:*

Версия до 1.39 (включая)

cpe:2.3:a:movabletype:movable_type_premium_advanced:*:*:*:*:*:*:*:*

Версия до 1.39 (включая)

EPSS

Процентиль: 57%

0.00347

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2021-20664

CVSS3: 6.1

debian

почти 5 лет назад

Cross-site scripting vulnerability in in Asset registration screen of ...

GHSA-pww3-vwvw-q638

github

больше 3 лет назад