CVE-2008-5808
https://notcve.org/view.php?id=CVE-2008-5808
Cross-site scripting (XSS) vulnerability in Six Apart Movable Type Enterprise (MTE) 1.x before 1.56; Movable Type (MT) 3.x before 3.38; and Movable Type, Movable Type Open Source (MTOS), and Movable Type Enterprise 4.x before 4.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to "application management." Vulnerabilidad de Secuencias de comandos en Sitios Cruzados (XSS) en Six Apart Movable Type Enterprise (MTE) v1.x anteriores a v1.56; Movable Type (MT) v3.x anteriores a v3.38; y Movable Type, Movable Type Open Source (MTOS), y Movable Type Enterprise v4.x anteriores a v4.23, permite a atacantes remotos inyectar secuencias de comandos Web o HTML a través de vectores no especificados, posiblemente esté relacionado con "gestión de la aplicación". • http://jvn.jp/en/jp/JVN02216739/index.html http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000067.html http://secunia.com/advisories/32935 http://www.movabletype.jp/blog/_movable_type_423.html http://www.securityfocus.com/bid/32604 https://exchange.xforce.ibmcloud.com/vulnerabilities/47019 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-4079
https://notcve.org/view.php?id=CVE-2008-4079
Cross-site scripting (XSS) vulnerability in Movable Type (MT) 4.x through 4.20, and 3.36 and earlier; Movable Type Enterprise 4.x through 4.20, and 1.54 and earlier; and Movable Type Community Solution allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Movable Type (MT) 4.x hasta 4.20, y 3.36 y versiones anteriores; Movable Type Enterprise 4.x hasta 4.20, y 1.54 y versiones anteriores; y Movable Type Community Solution permite a atacantes remotos inyectar web script o HTML a través de vectores no especificados. • http://jvn.jp/en/jp/JVN30385652/index.html http://www.securityfocus.com/bid/31073 http://www.sixapart.jp/movabletype/news/2008/08/07-1445.html http://www.sixapart.jp/movabletype/news/2008/08/28-1500.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-3342
https://notcve.org/view.php?id=CVE-2007-3342
Multiple cross-site scripting (XSS) vulnerabilities in Movable Type (MT) before 3.34 allow remote attackers to inject arbitrary web script or HTML via comments that have (1) a malformed SGML numeric character reference with a '\0' (0x00) character in a javascript: URI or (2) an attribute in an element that lacks the '>' character at the end of the start tag, a different vulnerability than CVE-2007-0231. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el Movable Type (MT) anterior al 3.34, permite a atacantes remotos la inyección de secuencias de comandos web o HTML de su elección a través de comentarios que tienen (1) una referencia a un caracter numérico SGML mal formado con un caracter '\0' (0x00) en un javascript: URI o (2) un atributo en un elemento que carece del caracter '>' al final de la etiqueta de comienzo, vulnerabilidad diferente a la CVE-2007-0231. • http://osvdb.org/38621 http://securityreason.com/securityalert/2821 http://www.securityfocus.com/archive/1/458196/100/0/threaded http://www.sixapart.com/movabletype/beta/distros/MT-3.34-beta-Release-Notes.html •
CVE-2007-0604
https://notcve.org/view.php?id=CVE-2007-0604
Cross-site scripting (XSS) vulnerability in Movable Type (MT) before 3.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the MTCommentPreviewIsStatic tag, which can open the "comment entry screen," a different vulnerability than CVE-2007-0231. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Movable Type (MT) anterior a 3.34 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores no especificados relacionados con la etiqueta MTCommentPreviewIsStatic, lo cual abre la "pantalla de entrada de comentarios", una vulnerabilidad diferente que CVE-2007-0231. • http://osvdb.org/32987 http://www.sixapart.com/movabletype/beta/distros/MT-3.34-beta-Release-Notes.html •
CVE-2007-0231
https://notcve.org/view.php?id=CVE-2007-0231
Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, when nofollow is disabled and unmoderated comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Comments field. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Movable Type (MT) 3.33, cuando nofollow está desactivado y comentarios sin moderación activado, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del campo Comments. • http://golem.ph.utexas.edu/~distler/blog/archives/001102.html http://osvdb.org/32717 http://secunia.com/advisories/23669 http://www.vupen.com/english/advisories/2007/0142 http://www.zackvision.com/weblog/2007/01/movabletype-security-bug.html •