Page 5 of 35 results (0.012 seconds)

CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0

Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors. Una vulnerabilidad de tipo cross-site scripting en la serie Movable Type (Movable Type versiones 7 r.4606 (7.2.1) y anteriores (Movable Type versión 7), Movable Type Advanced versiones 7 r.4606 (7.2.1) y anteriores (Movable Type Advanced versión 7), Movable Type para AWS versiones 7 r.4606 (7.2.1) y anteriores (Movable Type para AWS versión 7), Movable Type versiones 6.5.3 y anteriores (Movable Type versión 6.5), Movable Type Advanced versiones 6.5.3 y anteriores (Movable Type Advanced versión 6.5), Movable Type versiones 6.3.11 y anteriores (Movable Type versión 6.3), Movable Type Advanced versiones 6.3.11 y anteriores (Movable Type versión 6.3), Movable Type Premium versiones 1.29 y anteriores, y Movable Type Premium Advanced versiones 1.29 y anteriores), permite a atacantes remotos inyectar script o HTML arbitrario por medio de vectores no especificados. • https://jvn.jp/en/jp/JVN28806943/index.html https://movabletype.org/news/2020/05/mt-730-660-6312-released.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting vulnerability in Movable Type versions prior to Ver. 6.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) en Movable Type en versiones anteriores a la 6.3.1 permite que los atacantes remotos inyecten scripts web o HTML arbitrarios utilizando vectores no especificados. • http://jvn.jp/en/jp/JVN89550319/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0

Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter. Movable Type anterior a 5.2.6 no utiliza correctamente la función Storable::thaw, lo que permite a atacantes remotos ejecutar código arbitrario a través del parámetro comment_state. • http://seclists.org/oss-sec/2013/q2/560 http://seclists.org/oss-sec/2013/q2/568 http://www.debian.org/security/2015/dsa-3183 https://movabletype.org/documentation/appendices/release-notes/movable-type-526-release-notes.html • CWE-17: DEPRECATED: Code •

CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0

SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en la interfaz XML-RPC en Movable Type anterior a 5.18, 5.2.x anterior a 5.2.11, y 6.x anterior a 6.0.6 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://secunia.com/advisories/61227 https://movabletype.org/documentation/appendices/release-notes/6.0.6.html https://movabletype.org/news/2014/12/6.0.6.html https://www.debian.org/security/2015/dsa-3183 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 1%CPEs: 87EXPL: 0

Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote attackers to take control of sessions via unspecified vectors related to the (1) commenting feature and (2) community script. Movable Type anteriores a 4.38, 5.0x anteriores a 5.07, y 5.1x anteriores a 5.13 permite a atacantes remotos controlar las sesiones a través de vectores sin especificar relacionados con (1) la característica "commenting" (2) y "community script". • http://jvn.jp/en/jp/JVN20083397/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2012-000018 http://www.debian.org/security/2012/dsa-2423 http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html http://www.movabletype.org/documentation/appendices/release-notes/513.html http://www.securityfocus.com/bid/52138 http://www.securitytracker.com/id?1026738 •