PT-2026-6098 · Six Apart · Movable Type
Kentaro Ishii
·
Published
2026-02-04
·
Updated
2026-02-04
·
CVE-2026-21393
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Movable Type versions 7.x and 8.4.x
Description
Movable Type has a stored cross-site scripting issue in the Edit Comment functionality. An attacker could execute arbitrary script in a logged-in user’s web browser by storing crafted input. The
Edit Comment functionality is susceptible to this issue.Recommendations
Versions prior to 7.x and 8.4.x are recommended.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Movable Type