Six Apart · Movable Type · CVE-2003-0287
Name of the Vulnerable Software and Affected Versions:
Movable Type versions prior to 2.6
Description:
A cross-site scripting issue allows remote attackers to insert arbitrary web script or HTML via the Name textbox, possibly when the "Allow HTML in comments?" option is enabled.
Recommendations:
For versions prior to 2.6, disable the "Allow HTML in comments?" option to minimize the risk of exploitation.