CVE-2020-5528

Опубликовано: 06 фев. 2020

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 4.3

CVSS3: 6.1

Описание

Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and earlier (Movable Type 6.5), Movable Type Advanced 7 r.4603 and earlier (Movable Type Advanced 7), Movable Type Advanced 6.5.2 and earlier (Movable Type Advanced 6.5), Movable Type Premium 1.26 and earlier (Movable Type Premium), and Movable Type Premium Advanced 1.26 and earlier (Movable Type Premium Advanced)) allows remote attackers to inject arbitrary web script or HTML in the block editor and the rich text editor via a specially crafted URL.

Релиз	Статус	Примечание
bionic	DNE
devel	DNE
eoan	DNE
esm-infra-legacy/trusty	DNE
esm-infra/focal	DNE
focal	DNE
precise	ignored	end of life
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 62%

0.00429

Низкий

4.3 Medium

CVSS2

6.1 Medium

CVSS3

Связанные уязвимости

CVE-2020-5528

CVSS3: 6.1

nvd

около 6 лет назад

CVE-2020-5528

CVSS3: 6.1

debian

около 6 лет назад

Cross-site scripting vulnerability in Movable Type series (Movable Typ ...

GHSA-5928-fcw8-m7f4

github

больше 3 лет назад

EPSS

Процентиль: 62%

0.00429

Низкий

4.3 Medium

CVSS2

6.1 Medium

CVSS3

CVE-2020-5528

Описание

Пакет movabletype-opensource

Ссылки на источники

Связанные уязвимости