PT-2022-27405 · Unknown · Movable Type Premium Advanced+3

Shiga Takuma · Published 2022-12-07 · Updated 2022-12-12 · CVE-2022-45113

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Movable Type versions 7 r.5301 and earlier
Movable Type Advanced versions 7 r.5301 and earlier
Movable Type versions 6.8.7 and earlier
Movable Type Advanced versions 6.8.7 and earlier
Movable Type Premium versions 1.53 and earlier
Movable Type Premium Advanced versions 1.53 and earlier

Description

The issue is caused by improper validation of the syntactic correctness of input and can be exploited by a remote unauthenticated attacker. If a user is led to access a specially crafted URL, the attacker may set a specially crafted URL on the Reset Password page, which allows the attacker to conduct a phishing attack.

Recommendations

For Movable Type versions 7 r.5301 and earlier, update to a version later than r.5301.
For Movable Type Advanced versions 7 r.5301 and earlier, update to a version later than r.5301.
For Movable Type versions 6.8.7 and earlier, update to a version later than 6.8.7.
For Movable Type Advanced versions 6.8.7 and earlier, update to a version later than 6.8.7.
For Movable Type Premium versions 1.53 and earlier, update to a version later than 1.53.
For Movable Type Premium Advanced versions 1.53 and earlier, update to a version later than 1.53.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2022-45113

Affected Products

Movable Type
Movable Type Advanced
Movable Type Premium
Movable Type Premium Advanced