CVE-2014-0977CVE-2014-0977

Affected configuration(s):

cpe:/a:sixapart:movabletype:5.0:rc2
cpe:/a:sixapart:movabletype:5.01
cpe:/a:sixapart:movabletype:5.2
cpe:/a:sixapart:movabletype:5.2.2
cpe:/a:sixapart:movabletype:5.2.3
cpe:/a:sixapart:movabletype:5.2.6
cpe:/a:sixapart:movabletype:5.2.7
cpe:/a:sixapart:movabletype:5.03
cpe:/a:sixapart:movabletype:5.04
cpe:/a:sixapart:movabletype:5.11
cpe:/a:sixapart:movabletype:5.12
cpe:/a:sixapart:movabletype:5.13
cpe:/a:sixapart:movabletype:5.14
cpe:/a:sixapart:movabletype:5.15
cpe:/a:sixapart:movabletype:5.031
cpe:/a:sixapart:movabletype:6.0

Date published: 2014-01-10T12:55:03.113-05:00

Date last modified: 2017-08-28T21:34:23.153-04:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734304

Summary: Cross-site scripting (XSS) vulnerability in the Rich Text Editor in Movable Type 5.0x, 5.1x before 5.161, 5.2.x before 5.2.9, and 6.0.x before 6.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *