PT-2026-6098 · Six Apart · Movable Type
Kentaro Ishii
·
Publicado
2026-02-04
·
Atualizado
2026-02-04
·
CVE-2026-21393
CVSS v3.1
5.4
Média
| Vetor | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Movable Type versions 7.x and 8.4.x
Description
Movable Type has a stored cross-site scripting issue in the Edit Comment functionality. An attacker could execute arbitrary script in a logged-in user’s web browser by storing crafted input. The
Edit Comment functionality is susceptible to this issue.Recommendations
Versions prior to 7.x and 8.4.x are recommended.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Movable Type