CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2009-2480
https://notcve.org/view.php?id=CVE-2009-2480
Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type 4.24, and 4.25 when global templates are not initialized, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados - XSS - en mt-wizard.cgi en Six Apart Movable Type v4.24, y v4.25, cuando plantillas globales no son inicializadas, permite atacantes remotos inyectar arbitrariamente una secuencia de comandos web o HTML a través de vectores no especificados. • http://jvn.jp/en/jp/JVN97248625/index.html http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000020.html http://secunia.com/advisories/35534 http://www.movabletype.org/documentation/appendices/release-notes/426.html http://www.securityfocus.com/bid/35471 http://www.vupen.com/english/advisories/2009/1668 https://exchange.xforce.ibmcloud.com/vulnerabilities/51329 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •