CVE-2007-3342

Name of the Vulnerable Software and Affected Versions Movable Type versions prior to 3.34

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via comments. There are two specific scenarios where this can occur: (1) when comments contain a malformed SGML numeric character reference with a '0' (0x00) character in a javascript: URI, and (2) when an attribute in an element lacks the '>' character at the end of the start tag.

Recommendations For versions prior to 3.34, update to version 3.34 or later to resolve the issue.