CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38972
https://notcve.org/view.php?id=CVE-2022-38972
Cross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 (for Movable Type 7 Series) and versions prior to 3.9.1 (for Movable Type 6 Series) allows a remote unauthenticated attacker to inject an arbitrary script. Una vulnerabilidad de tipo cross-site scripting en Movable Type plugin A-Form versiones anteriores a 4.1.1 (para la serie 7 de Movable Type) y versiones anteriores a 3.9.1 (para la serie 6 de Movable Type) permite a un atacante remoto no autenticado inyectar un script arbitrario • https://jvn.jp/en/jp/JVN48120704/index.html https://www.ark-web.jp/blog/archives/2022/09/a-series-411-391.html https://www.ark-web.jp/movabletype/blog/2022/09/a-series-411-391.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-10899
https://notcve.org/view.php?id=CVE-2017-10899
SQL injection vulnerability in the A-Reserve and A-Reserve for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en A-Reserve y A-Reserve para MT cloud en versiones 3.8.6 y anteriores permite que un atacante ejecute comandos SQL arbitrarios mediante vectores no especificados. • https://jvn.jp/en/jp/JVN78501037/index.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-10898
https://notcve.org/view.php?id=CVE-2017-10898
SQL injection vulnerability in the A-Member and A-Member for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en A-Member y A-Member para MT cloud en versiones 3.8.6 y anteriores permite que un atacante ejecute comandos SQL arbitrarios mediante vectores no especificados. • https://jvn.jp/en/jp/JVN78501037/index.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4274
https://notcve.org/view.php?id=CVE-2011-4274
Cross-site scripting (XSS) vulnerability in the A-Form PC and PC/Mobile before 3.1 plug-ins for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-2676. erabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el A-Form PC y PC/Mobile anterior a v3.1 plug-ins para Movable Type permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados, una vulnerabilidad diferente a CVE-2011-2676. • http://www.ark-web.jp/movabletype/a-form/docs/security_patch.html http://www.ark-web.jp/movabletype/blog/2011/09/aform_update110927.html https://exchange.xforce.ibmcloud.com/vulnerabilities/70405 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2011-2676
https://notcve.org/view.php?id=CVE-2011-2676
The A-Form and A-Form bamboo before 1.3.6 and 2.x before 2.0.3, and A-Form PC and PC/Mobile before 3.1, plug-ins for Movable Type do not require administrative authentication, which allows remote authenticated users to modify data via unspecified vectors. Lo complementos A-Form y A-Form bamboo antes de v1.3.6 y v2.x antes de v2.0.3, y A-Form PC y PC/Mobile antes de v3.1 para Movable Type, no requieren autenticación administrativa, lo que permite a usuarios autenticados remotamente modificar datos a través de vectores no especificados • http://jvn.jp/en/jp/JVN34980730/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2011-000078 http://www.ark-web.jp/movabletype/a-form/docs/security_patch.html http://www.ark-web.jp/movabletype/blog/2011/09/aform_update110927.html https://exchange.xforce.ibmcloud.com/vulnerabilities/70408 • CWE-287: Improper Authentication •