CVE-2008-5845

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple cross-site scripting (XSS) vulnerabilities in Six Apart Movable Type (MT) before 4.23 allow remote attackers to inject arbitrary web script or HTML via a (1) MTEntryAuthorUsername, (2) MTAuthorDisplayName, (3) MTEntryAuthorDisplayName, or (4) MTCommenterName field in a Profile View template; a (5) listing screen or (6) edit screen in the CMS app; (7) a TrackBack title, related to the HTML sanitization library; or (8) a user archive name (aka archive title) on a published Community Blog template.

Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Six Apart Movable Type (MT) anterior a v4.23 permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante (1) MTEntryAuthorUsername, (2) MTAuthorDisplayName, (3) MTEntryAuthorDisplayName, o (4) el campo MTCommenterName en una plantilla Profile View; un (5) listado de pantalla o (6) pantalla de edición en el CMS app; (7) un título TrackBack, relacionado con la librería HTML sanitization; o (8) un archivo de nombre de usuario (también llamado archive title) en una plantilla publicada Community Blog.

*Credits: N/A

CVSS Scores

NISTv2 4.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-01-05 CVE Reserved
2009-01-05 CVE Published
2023-03-07 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (3)

URL	Tag	Source
http://jvn.jp/en/jp/JVN45658190/index.html	Third Party Advisory
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000031.html	Third Party Advisory
http://www.movabletype.org/mt_423_change_log.html	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Sixapart Search vendor "Sixapart"		Movable Type Search vendor "Sixapart" for product "Movable Type"				<= 4.21 Search vendor "Sixapart" for product "Movable Type" and version " <= 4.21"		-		Affected
Sixapart Search vendor "Sixapart"		Movable Type Search vendor "Sixapart" for product "Movable Type"				3.0d Search vendor "Sixapart" for product "Movable Type" and version "3.0d"		-		Affected
Sixapart Search vendor "Sixapart"		Movable Type Search vendor "Sixapart" for product "Movable Type"				3.1 Search vendor "Sixapart" for product "Movable Type" and version "3.1"		-		Affected
Sixapart Search vendor "Sixapart"		Movable Type Search vendor "Sixapart" for product "Movable Type"				3.01d Search vendor "Sixapart" for product "Movable Type" and version "3.01d"		-		Affected
Sixapart Search vendor "Sixapart"		Movable Type Search vendor "Sixapart" for product "Movable Type"				3.2 Search vendor "Sixapart" for product "Movable Type" and version "3.2"		-		Affected
Sixapart Search vendor "Sixapart"		Movable Type Search vendor "Sixapart" for product "Movable Type"				3.3 Search vendor "Sixapart" for product "Movable Type" and version "3.3"		-		Affected
Sixapart Search vendor "Sixapart"		Movable Type Search vendor "Sixapart" for product "Movable Type"				3.11 Search vendor "Sixapart" for product "Movable Type" and version "3.11"		-		Affected
Sixapart Search vendor "Sixapart"		Movable Type Search vendor "Sixapart" for product "Movable Type"				3.12 Search vendor "Sixapart" for product "Movable Type" and version "3.12"		-		Affected
Sixapart Search vendor "Sixapart"		Movable Type Search vendor "Sixapart" for product "Movable Type"				3.14 Search vendor "Sixapart" for product "Movable Type" and version "3.14"		-		Affected
Sixapart Search vendor "Sixapart"		Movable Type Search vendor "Sixapart" for product "Movable Type"				3.15 Search vendor "Sixapart" for product "Movable Type" and version "3.15"		-		Affected
Sixapart Search vendor "Sixapart"		Movable Type Search vendor "Sixapart" for product "Movable Type"				3.16 Search vendor "Sixapart" for product "Movable Type" and version "3.16"		-		Affected
Sixapart Search vendor "Sixapart"		Movable Type Search vendor "Sixapart" for product "Movable Type"				3.17 Search vendor "Sixapart" for product "Movable Type" and version "3.17"		-		Affected
Sixapart Search vendor "Sixapart"		Movable Type Search vendor "Sixapart" for product "Movable Type"				3.32 Search vendor "Sixapart" for product "Movable Type" and version "3.32"		-		Affected
Sixapart Search vendor "Sixapart"		Movable Type Search vendor "Sixapart" for product "Movable Type"				3.33 Search vendor "Sixapart" for product "Movable Type" and version "3.33"		-		Affected
Sixapart Search vendor "Sixapart"		Movable Type Search vendor "Sixapart" for product "Movable Type"				3.34 Search vendor "Sixapart" for product "Movable Type" and version "3.34"		-		Affected
Sixapart Search vendor "Sixapart"		Movable Type Search vendor "Sixapart" for product "Movable Type"				3.35 Search vendor "Sixapart" for product "Movable Type" and version "3.35"		-		Affected
Sixapart Search vendor "Sixapart"		Movable Type Search vendor "Sixapart" for product "Movable Type"				4.2 Search vendor "Sixapart" for product "Movable Type" and version "4.2"		-		Affected