PT-2008-5382 · Six Apart · Movable Type+2
Kaminogoya
·
Published
2008-09-15
·
Updated
2008-09-15
·
CVE-2008-4079
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Movable Type versions 3.36 and earlier
Movable Type versions 4.x through 4.20
Movable Type Enterprise versions 1.54 and earlier
Movable Type Enterprise versions 4.x through 4.20
Movable Type Community Solution (affected versions not specified)
Description
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Recommendations
For Movable Type versions 3.36 and earlier, update to a version later than 3.36.
For Movable Type versions 4.x through 4.20, update to a version later than 4.20.
For Movable Type Enterprise versions 1.54 and earlier, update to a version later than 1.54.
For Movable Type Enterprise versions 4.x through 4.20, update to a version later than 4.20.
For Movable Type Community Solution, at the moment, there is no information about a newer version that contains a fix for this issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Movable Type
Movable Type Community Solution
Movable Type Enterprise