CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2007-6751
https://notcve.org/view.php?id=CVE-2007-6751
Cross-site scripting (XSS) vulnerability in the MailForm plugin before 1.20 for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilida de ejecución de secuencias de comandos en sitios cruzados (XSS) en el complemento MailForm antes de v1.20 para Movable Type, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://jvn.jp/en/jp/JVN60887968/index.html http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000108.html http://www.h-fj.com/blog/archives/2007/01/23-111038.php https://exchange.xforce.ibmcloud.com/vulnerabilities/72344 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4274
https://notcve.org/view.php?id=CVE-2011-4274
Cross-site scripting (XSS) vulnerability in the A-Form PC and PC/Mobile before 3.1 plug-ins for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-2676. erabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el A-Form PC y PC/Mobile anterior a v3.1 plug-ins para Movable Type permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados, una vulnerabilidad diferente a CVE-2011-2676. • http://www.ark-web.jp/movabletype/a-form/docs/security_patch.html http://www.ark-web.jp/movabletype/blog/2011/09/aform_update110927.html https://exchange.xforce.ibmcloud.com/vulnerabilities/70405 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 17EXPL: 0CVE-2010-3921
https://notcve.org/view.php?id=CVE-2010-3921
Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Movable Type v4.x anterior v4.35 y v5.x anterior v5.04 permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores no especificados. • http://jvn.jp/en/jp/JVN36673836/index.html http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000060.html http://secunia.com/advisories/42539 http://www.movabletype.org/documentation/appendices/release-notes/movable-type-504-435-release-notes.html http://www.securitytracker.com/id?1024833 http://www.vupen.com/english/advisories/2010/3145 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 17EXPL: 0CVE-2010-4511
https://notcve.org/view.php?id=CVE-2010-4511
Unspecified vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 has unknown impact and attack vectors related to the "dynamic publishing error message." Vulnerabilidad no especificada en Movable Type 4.x en versiones anteriores a la 4.35 y 5.x en versiones anteriores a la 5.04 tiene un impacto y unos vectores de ataque desconocidos relacionados con el "mensaje de error de publicación dinámica". • http://osvdb.org/69751 http://www.movabletype.org/documentation/appendices/release-notes/movable-type-504-435-release-notes.html http://www.securityfocus.com/bid/45380 https://exchange.xforce.ibmcloud.com/vulnerabilities/64129 •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2010-3922
https://notcve.org/view.php?id=CVE-2010-3922
SQL injection vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Movable Type v4.x anterior v4.35 y v5.x anterior v5.04 permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores no especificados. • http://jvn.jp/en/jp/JVN78536512/index.html http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000061.html http://secunia.com/advisories/42539 http://www.movabletype.org/documentation/appendices/release-notes/movable-type-504-435-release-notes.html http://www.securitytracker.com/id?1024833 http://www.vupen.com/english/advisories/2010/3145 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •