CVE-2021-20815

Name of the Vulnerable Software and Affected Versions: Movable Type versions 7 r.4903 and earlier Movable Type 6 Series versions 6.8.0 and earlier Movable Type Advanced 7 Series versions 7 r.4903 and earlier Movable Type Premium version 1.44 and earlier Movable Type Premium Advanced version 1.44 and earlier

Description: A cross-site scripting issue in the Edit Boilerplate screen of Movable Type allows remote attackers to inject arbitrary script or HTML via unspecified vectors.

Recommendations: For Movable Type versions 7 r.4903 and earlier, update to a version later than 7 r.4903. For Movable Type 6 Series versions 6.8.0 and earlier, update to a version later than 6.8.0. For Movable Type Advanced 7 Series versions 7 r.4903 and earlier, update to a version later than 7 r.4903. For Movable Type Premium version 1.44 and earlier, update to a version later than 1.44. For Movable Type Premium Advanced version 1.44 and earlier, update to a version later than 1.44. As a temporary workaround, consider restricting access to the Edit Boilerplate screen until a patch is available.