Описание
Cross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 (for Movable Type 7 Series) and versions prior to 3.9.1 (for Movable Type 6 Series) allows a remote unauthenticated attacker to inject an arbitrary script.
Ссылки
- Third Party Advisory
- Vendor Advisory
- Vendor Advisory
- Third Party Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.9.1 (исключая)Версия до 4.1.1 (исключая)
Одно из
cpe:2.3:a:ark-web:a-form:*:*:*:*:*:movable_type_6_series:*:*
cpe:2.3:a:ark-web:a-form:*:*:*:*:*:movable_type_7_series:*:*
EPSS
Процентиль: 79%
0.01278
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
больше 3 лет назад
Cross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 (for Movable Type 7 Series) and versions prior to 3.9.1 (for Movable Type 6 Series) allows a remote unauthenticated attacker to inject an arbitrary script.
EPSS
Процентиль: 79%
0.01278
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79