PT-2020-18550 · Six Apart · Movable Type Premium Advanced+4
Toshitsugu Yoneyama
·
Published
2020-05-14
·
Updated
2020-05-15
·
CVE-2020-5575
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Movable Type versions prior to 7.2.1
Movable Type Advanced versions prior to 7.2.1
Movable Type for AWS versions prior to 7.2.1
Movable Type 6.5 versions prior to 6.5.3
Movable Type Advanced 6.5 versions prior to 6.5.3
Movable Type 6.3 versions prior to 6.3.11
Movable Type Advanced 6.3 versions prior to 6.3.11
Movable Type Premium versions prior to 1.29
Movable Type Premium Advanced versions prior to 1.29
Description
A cross-site scripting issue allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
Recommendations
For Movable Type versions prior to 7.2.1, update to version 7.2.1 or later.
For Movable Type Advanced versions prior to 7.2.1, update to version 7.2.1 or later.
For Movable Type for AWS versions prior to 7.2.1, update to version 7.2.1 or later.
For Movable Type 6.5 versions prior to 6.5.3, update to version 6.5.3 or later.
For Movable Type Advanced 6.5 versions prior to 6.5.3, update to version 6.5.3 or later.
For Movable Type 6.3 versions prior to 6.3.11, update to version 6.3.11 or later.
For Movable Type Advanced 6.3 versions prior to 6.3.11, update to version 6.3.11 or later.
For Movable Type Premium versions prior to 1.29, update to version 1.29 or later.
For Movable Type Premium Advanced versions prior to 1.29, update to version 1.29 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Movable Type
Movable Type Advanced
Movable Type Premium
Movable Type Premium Advanced
Movable Type For Aws