CVE-2021-20665

Опубликовано: 05 мар. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting vulnerability in in Add asset screen of Contents field of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.

Ссылки

https://jvn.jp/en/jp/JVN66542874/index.html
Third Party Advisory
https://movabletype.org/news/2021/02/mt-760-676-released.html
Release Notes
Vendor Advisory
https://jvn.jp/en/jp/JVN66542874/index.html
Third Party Advisory
https://movabletype.org/news/2021/02/mt-760-676-released.html
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:movabletype:movable_type:*:*:*:*:*:*:*:*

Версия до 7.4705 (включая)

cpe:2.3:a:movabletype:movable_type_advanced:*:*:*:*:*:*:*:*

Версия до 7.4705 (включая)

cpe:2.3:a:movabletype:movable_type_premium:*:*:*:*:*:*:*:*

Версия до 1.39 (включая)

cpe:2.3:a:movabletype:movable_type_premium_advanced:*:*:*:*:*:*:*:*

Версия до 1.39 (включая)

EPSS

Процентиль: 57%

0.00347

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2021-20665

CVSS3: 6.1

debian

почти 5 лет назад

Cross-site scripting vulnerability in in Add asset screen of Contents ...

GHSA-7ppf-q9mq-qg3g

github

больше 3 лет назад