6 results (0.009 seconds)

CVSS: 7.5EPSS: 5%CPEs: 19EXPL: 0

Format string vulnerability in Movable Type Pro, Open Source, and Advanced before 5.2.13 and Pro and Advanced 6.0.x before 6.0.8 allows remote attackers to execute arbitrary code via vectors related to localization of templates. Vulnerabilidad de la cadena de formatos en Movable Type Pro, Open Source, y Advanced anterior a 5.2.13 y Pro y Advanced 6.0.x anterior a 6.0.8 permite a atacantes remotos ejecutar código arbitrario a través de vectores relacionados con la localización de plantillas. • http://www.debian.org/security/2015/dsa-3227 http://www.securitytracker.com/id/1032153 https://movabletype.org/news/2015/04/movable_type_608_and_5213_released_to_close_security_vulnera.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.3EPSS: 0%CPEs: 17EXPL: 0

Cross-site scripting (XSS) vulnerability in the Rich Text Editor in Movable Type 5.0x, 5.1x before 5.161, 5.2.x before 5.2.9, and 6.0.x before 6.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad cross-site scripting (XSS) en Rich Text Editor de Movable Type 5.0x, 5.1x anteriores a 5.161, 5.2. anteriores a 5.2.9 y 6.0.x anteriores a 6.0.1 permite a atacantes remotos inyectar script web o HTML a través de vectores no especificados. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734304 http://movabletype.org/news/2013/11/movable_type_601_529_and_5161_released_to_close_security_vul.html http://seclists.org/oss-sec/2014/q1/24 http://seclists.org/oss-sec/2014/q1/36 http://secunia.com/advisories/56295 http://secunia.com/advisories/56405 http://www.debian.org/security/2014/dsa-2841 http://www.securityfocus.com/bid/64657 http://www.securitytracker.com/id/1029588 https://exchange.xforce.ibmcloud& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 17EXPL: 0

Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Movable Type v4.x anterior v4.35 y v5.x anterior v5.04 permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores no especificados. • http://jvn.jp/en/jp/JVN36673836/index.html http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000060.html http://secunia.com/advisories/42539 http://www.movabletype.org/documentation/appendices/release-notes/movable-type-504-435-release-notes.html http://www.securitytracker.com/id?1024833 http://www.vupen.com/english/advisories/2010/3145 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 0%CPEs: 17EXPL: 0

Unspecified vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 has unknown impact and attack vectors related to the "dynamic publishing error message." Vulnerabilidad no especificada en Movable Type 4.x en versiones anteriores a la 4.35 y 5.x en versiones anteriores a la 5.04 tiene un impacto y unos vectores de ataque desconocidos relacionados con el "mensaje de error de publicación dinámica". • http://osvdb.org/69751 http://www.movabletype.org/documentation/appendices/release-notes/movable-type-504-435-release-notes.html http://www.securityfocus.com/bid/45380 https://exchange.xforce.ibmcloud.com/vulnerabilities/64129 •

CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0

SQL injection vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Movable Type v4.x anterior v4.35 y v5.x anterior v5.04 permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores no especificados. • http://jvn.jp/en/jp/JVN78536512/index.html http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000061.html http://secunia.com/advisories/42539 http://www.movabletype.org/documentation/appendices/release-notes/movable-type-504-435-release-notes.html http://www.securitytracker.com/id?1024833 http://www.vupen.com/english/advisories/2010/3145 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •