CVE-2020-5574

Name of the Vulnerable Software and Affected Versions Movable Type versions prior to 7.2.1 Movable Type Advanced versions prior to 7.2.1 Movable Type for AWS versions prior to 7.2.1 Movable Type 6.5 versions prior to 6.5.3 Movable Type Advanced 6.5 versions prior to 6.5.3 Movable Type 6.3 versions prior to 6.3.11 Movable Type Advanced 6.3 versions prior to 6.3.11 Movable Type Premium versions prior to 1.29 Movable Type Premium Advanced versions prior to 1.29

Description The issue allows remote attackers to inject arbitrary HTML attribute values via unspecified vectors. This can potentially lead to malicious activities.

Recommendations For Movable Type versions prior to 7.2.1, update to version 7.2.1 or later. For Movable Type Advanced versions prior to 7.2.1, update to version 7.2.1 or later. For Movable Type for AWS versions prior to 7.2.1, update to version 7.2.1 or later. For Movable Type 6.5 versions prior to 6.5.3, update to version 6.5.3 or later. For Movable Type Advanced 6.5 versions prior to 6.5.3, update to version 6.5.3 or later. For Movable Type 6.3 versions prior to 6.3.11, update to version 6.3.11 or later. For Movable Type Advanced 6.3 versions prior to 6.3.11, update to version 6.3.11 or later. For Movable Type Premium versions prior to 1.29, update to version 1.29 or later. For Movable Type Premium Advanced versions prior to 1.29, update to version 1.29 or later.