Teracci2002

**Name of the Vulnerable Software and Affected Versions** Movable Type versions prior to 3.34 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via comments. There are two specific scenarios where this can occur: (1) when comments contain a malformed SGML numeric character reference with a '0' (0x00) character in a javascript: URI, and (2) when an attribute in an element lacks the '>' character at the end of the start tag. **Recommendations** For versions prior to 3.34, update to version 3.34 or later to resolve the issue.