CVE-2025-62499

CVSS v3.1

4.8

Vector

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Movable Type (affected versions not specified)

Description The software contains a stored cross-site scripting issue in the Edit CategorySet of ContentType page. An attacker with "ContentType Management" privilege can store crafted input, potentially leading to arbitrary script execution in the web browser of a user accessing the Edit CategorySet of ContentType page.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-62499

Affected Products

Movable Type

CVE-2025-62499

Weakness Enumeration

Related Identifiers

Affected Products

References · 6