Kaminogoya

**Name of the Vulnerable Software and Affected Versions** Movable Type versions 4 through 4.21 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the administrative page. **Recommendations** For Movable Type versions 4 through 4.21, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Movable Type versions 3.36 and earlier Movable Type versions 4.x through 4.20 Movable Type Enterprise versions 1.54 and earlier Movable Type Enterprise versions 4.x through 4.20 Movable Type Community Solution (affected versions not specified) **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For Movable Type versions 3.36 and earlier, update to a version later than 3.36. For Movable Type versions 4.x through 4.20, update to a version later than 4.20. For Movable Type Enterprise versions 1.54 and earlier, update to a version later than 1.54. For Movable Type Enterprise versions 4.x through 4.20, update to a version later than 4.20. For Movable Type Community Solution, at the moment, there is no information about a newer version that contains a fix for this issue.