Vulnerabilities related to Six Apart, Ltd. - Movable Type
jvndb-2010-000001
Vulnerability from jvndb
Published
2010-01-06 16:26
Modified
2010-01-06 16:26
Summary
Movable Type access restriction bypass vulnerability
Details
Movable Type contains an access restriction bypass vulnerability.
Movable Type, a web log system from Six Apart KK, contains a vulnerability that allows a remote attacker to bypass access restrictions.
This vulnerability is different from JVN#08369659.
References
▼ | Type | URL |
---|---|---|
JVN | http://jvn.jp/en/jp/JVN09872874/index.html | |
Permissions(CWE-264) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
▼ | Vendor | Product |
---|---|---|
Six Apart, Ltd. | Movable Type |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000001.html", "dc:date": "2010-01-06T16:26+09:00", "dcterms:issued": "2010-01-06T16:26+09:00", "dcterms:modified": "2010-01-06T16:26+09:00", "description": "Movable Type contains an access restriction bypass vulnerability.\r\n\r\nMovable Type, a web log system from Six Apart KK, contains a vulnerability that allows a remote attacker to bypass access restrictions.\r\n\r\nThis vulnerability is different from JVN#08369659.", "link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000001.html", "sec:cpe": { "#text": "cpe:/a:sixapart:movable_type", "@product": "Movable Type", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, "sec:cvss": { "@score": "5.5", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2010-000001", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN09872874/index.html", "@id": "JVN#09872874", "@source": "JVN" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-264", "@title": "Permissions(CWE-264)" } ], "title": "Movable Type access restriction bypass vulnerability" }
jvndb-2005-000768
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Movable Type session management vulnerability
Details
Movable Type, a web log system from Six Apart KK, contains a vulnerability which could allow a remote attacker to gain illegal access.
Impacted products
▼ | Vendor | Product |
---|---|---|
Six Apart, Ltd. | Movable Type |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000768.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "Movable Type, a web log system from Six Apart KK, contains a vulnerability which could allow a remote attacker to gain illegal access.", "link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000768.html", "sec:cpe": { "#text": "cpe:/a:sixapart:movable_type", "@product": "Movable Type", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, "sec:cvss": { "@score": "5.0", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2005-000768", "sec:references": { "#text": "http://jvn.jp/en/jp/JVN74012178/index.html", "@id": "JVN#74012178", "@source": "JVN" }, "title": "Movable Type session management vulnerability" }
jvndb-2007-000073
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Movable Type cross-site scripting vulnerability
Details
Movable Type, a web log system from Six Apart, contains a cross-site scripting vulnerability.
This vulnerability is different from JVN#68295640.
Impacted products
▼ | Vendor | Product |
---|---|---|
Six Apart, Ltd. | Movable Type |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000073.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "Movable Type, a web log system from Six Apart, contains a cross-site scripting vulnerability.\r\n\r\nThis vulnerability is different from JVN#68295640.", "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000073.html", "sec:cpe": { "#text": "cpe:/a:sixapart:movable_type", "@product": "Movable Type", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, "sec:cvss": { "@score": "5.0", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2007-000073", "sec:references": { "#text": "http://jvn.jp/en/jp/JVN32985115/index.html", "@id": "JVN#32985115", "@source": "JVN" }, "title": "Movable Type cross-site scripting vulnerability" }
jvndb-2012-000017
Vulnerability from jvndb
Published
2012-02-23 14:21
Modified
2012-02-23 14:21
Summary
Movable Type vulnerable to OS command injection
Details
Movable Type contains an OS command injection vulnerability.
Movable Type contains an OS command injection vulnerability in its file management system.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Six Apart, Ltd. | Movable Type |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000017.html", "dc:date": "2012-02-23T14:21+09:00", "dcterms:issued": "2012-02-23T14:21+09:00", "dcterms:modified": "2012-02-23T14:21+09:00", "description": "Movable Type contains an OS command injection vulnerability.\r\n\r\nMovable Type contains an OS command injection vulnerability in its file management system.", "link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000017.html", "sec:cpe": { "#text": "cpe:/a:sixapart:movable_type", "@product": "Movable Type", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, "sec:cvss": { "@score": "6.5", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "@version": "2.0" }, "sec:identifier": "JVNDB-2012-000017", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN92683325/index.html", "@id": "JVN#92683325", "@source": "JVN" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0319", "@id": "CVE-2012-0319", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0319", "@id": "CVE-2012-0319", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-78", "@title": "OS Command Injection(CWE-78)" } ], "title": "Movable Type vulnerable to OS command injection" }
jvndb-2020-000073
Vulnerability from jvndb
Published
2020-11-18 18:01
Modified
2020-11-18 18:01
Summary
Movable Type Premium vulnerable to cross-site scripting
Details
Movable Type Premium provided by Six Apart Ltd. contains a cross-site scripting vulnerability (CWE-79).
Six Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning Partnership.
References
▼ | Type | URL |
---|---|---|
JVN | https://jvn.jp/en/jp/JVN94245475/index.html | |
CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5669 | |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2020-5669 | |
Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
▼ | Vendor | Product |
---|---|---|
Six Apart, Ltd. | Movable Type |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000073.html", "dc:date": "2020-11-18T18:01+09:00", "dcterms:issued": "2020-11-18T18:01+09:00", "dcterms:modified": "2020-11-18T18:01+09:00", "description": "Movable Type Premium provided by Six Apart Ltd. contains a cross-site scripting vulnerability (CWE-79).\r\n\r\nSix Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000073.html", "sec:cpe": { "#text": "cpe:/a:sixapart:movable_type", "@product": "Movable Type", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, "sec:cvss": [ { "@score": "2.6", "@severity": "Low", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "@version": "2.0" }, { "@score": "6.1", "@severity": "Medium", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "@version": "3.0" } ], "sec:identifier": "JVNDB-2020-000073", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN94245475/index.html", "@id": "JVN#94245475", "@source": "JVN" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5669", "@id": "CVE-2020-5669", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5669", "@id": "CVE-2020-5669", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Movable Type Premium vulnerable to cross-site scripting" }
jvndb-2019-000069
Vulnerability from jvndb
Published
2019-11-13 13:59
Modified
2019-11-13 13:59
Summary
Movable Type vulnerable to open redirect
Details
Movable Type provided by Six Apart Ltd. contains an open redirect vulnerability (CWE-601).
Hidetomo Hosono of EG Secure Solutions Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
▼ | Type | URL |
---|---|---|
JVN | https://jvn.jp/en/jp/JVN65280626/index.html | |
CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6025 | |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2019-6025 | |
Improper Input Validation(CWE-20) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
▼ | Vendor | Product |
---|---|---|
Six Apart, Ltd. | Movable Type |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000069.html", "dc:date": "2019-11-13T13:59+09:00", "dcterms:issued": "2019-11-13T13:59+09:00", "dcterms:modified": "2019-11-13T13:59+09:00", "description": "Movable Type provided by Six Apart Ltd. contains an open redirect vulnerability (CWE-601).\r\n\r\nHidetomo Hosono of EG Secure Solutions Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000069.html", "sec:cpe": { "#text": "cpe:/a:sixapart:movable_type", "@product": "Movable Type", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, "sec:cvss": [ { "@score": "2.6", "@severity": "Low", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "@version": "2.0" }, { "@score": "4.7", "@severity": "Medium", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", "@version": "3.0" } ], "sec:identifier": "JVNDB-2019-000069", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN65280626/index.html", "@id": "JVN#65280626", "@source": "JVN" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6025", "@id": "CVE-2019-6025", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-6025", "@id": "CVE-2019-6025", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-20", "@title": "Improper Input Validation(CWE-20)" } ], "title": "Movable Type vulnerable to open redirect" }
jvndb-2020-000030
Vulnerability from jvndb
Published
2020-05-13 17:59
Modified
2020-05-13 17:59
Summary
Multiple vulnerabilities in Movable Type
Details
Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below.
* HTML attribute value injection vulnerability (CWE-74) - CVE-2020-5574
* Cross-site scripting due to a flaw in processing multiple query strings (CWE-79) - CVE-2020-5575
* Cross-site request forgery (CWE-352) - CVE-2020-5576
* Unrestricted upload of file with specific extensions (CWE-434) - CVE-2020-5577
The following researchers reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2020-5574, CVE-2020-5575, CVE-2020-5576
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc.
CVE-2020-5577
Yuji Tounai of Mitsui Bussan Secure Directions, Inc.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Six Apart, Ltd. | Movable Type |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000030.html", "dc:date": "2020-05-13T17:59+09:00", "dcterms:issued": "2020-05-13T17:59+09:00", "dcterms:modified": "2020-05-13T17:59+09:00", "description": "Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below. \r\n* HTML attribute value injection vulnerability (CWE-74) - CVE-2020-5574\r\n* Cross-site scripting due to a flaw in processing multiple query strings (CWE-79) - CVE-2020-5575\r\n* Cross-site request forgery (CWE-352) - CVE-2020-5576\r\n* Unrestricted upload of file with specific extentions (CWE-434) - CVE-2020-5577 \r\n\r\nThe following researchers reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2020-5574, CVE-2020-5575, CVE-2020-5576\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc.\r\n\r\nCVE-2020-5577\r\nYuji Tounai of Mitsui Bussan Secure Directions, Inc.", "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000030.html", "sec:cpe": { "#text": "cpe:/a:sixapart:movable_type", "@product": "Movable Type", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, "sec:cvss": [ { "@score": "6.5", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "@version": "2.0" }, { "@score": "6.3", "@severity": "Medium", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "@version": "3.0" } ], "sec:identifier": "JVNDB-2020-000030", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN28806943/index.html", "@id": "JVN#28806943", "@source": "JVN" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5574", "@id": "CVE-2020-5574", "@source": "CVE" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5575", "@id": "CVE-2020-5575", "@source": "CVE" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5576", "@id": "CVE-2020-5576", "@source": "CVE" }, { 
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5577", "@id": "CVE-2020-5577", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5574", "@id": "CVE-2020-5574", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5575", "@id": "CVE-2020-5575", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5576", "@id": "CVE-2020-5576", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5577", "@id": "CVE-2020-5577", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-352", "@title": "Cross-Site Request Forgery(CWE-352)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-Other", "@title": "No Mapping(CWE-Other)" } ], "title": "Multiple vulnerabilities in Movable Type" }
jvndb-2008-000067
Vulnerability from jvndb
Published
2008-12-04 14:52
Modified
2008-12-04 14:52
Summary
Movable Type Enterprise cross-site scripting vulnerability
Details
Movable Type Enterprise contains a cross-site scripting vulnerability.
Movable Type Enterprise, a web log system from Six Apart KK for business users, contains a cross-site scripting vulnerability.
This vulnerability is different from JVN#30385652 and JVN#81490697.
Yosuke HASEGAWA of NetAgent Co.,Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Six Apart, Ltd. | Movable Type |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000067.html", "dc:date": "2008-12-04T14:52+09:00", "dcterms:issued": "2008-12-04T14:52+09:00", "dcterms:modified": "2008-12-04T14:52+09:00", "description": "Movable Type Enterprise contains a cross-site scripting vulnerability.\r\n\r\nMovable Type Enterprise, a web log system from Six Apart KK for business users, contains a cross-site scripting vulnerability.\r\nThis vulnerability is different from JVN#30385652 and JVN#81490697.\r\n\r\nYosuke HASEGAWA of NetAgent Co.,Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000067.html", "sec:cpe": { "#text": "cpe:/a:sixapart:movable_type", "@product": "Movable Type", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, "sec:cvss": { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2008-000067", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN02216739/index.html", "@id": "JVN#02216739", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5808", "@id": "CVE-2008-5808", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5808", "@id": "CVE-2008-5808", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/32935", "@id": "SA32935", "@source": "SECUNIA" }, { "#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000067.html", "@id": "JVNDB-2008-000067", "@source": "JVNDB_Ja" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Movable Type Enterprise cross-site scripting vulnerability" }
jvndb-2009-000002
Vulnerability from jvndb
Published
2009-01-13 18:50
Modified
2009-07-29 12:22
Summary
Movable Type Enterprise cross-site scripting vulnerability
Details
Movable Type Enterprise contains a cross-site scripting vulnerability.
Movable Type Enterprise, a web log system from Six Apart KK for business users, contains a cross-site scripting vulnerability.
This vulnerability is different from JVN#02216739.
This vulnerability has been fixed in version 4.23 released on December 3, 2008. (UTC+0900)
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Six Apart, Ltd. | Movable Type |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000002.html", "dc:date": "2009-07-29T12:22+09:00", "dcterms:issued": "2009-01-13T18:50+09:00", "dcterms:modified": "2009-07-29T12:22+09:00", "description": "Movable Type Enterprise contains a cross-site scripting vulnerability.\r\n\r\nMovable Type Enterprise, a web log system from Six Apart KK for business users, contains a cross-site scripting vulnerability.\r\n\r\nThis vulnerability is different from JVN#02216739.\r\n\r\nThis vulnerability has been fixed in version 4.23 released on December 3, 2008. (UTC+0900)", "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000002.html", "sec:cpe": { "#text": "cpe:/a:sixapart:movable_type", "@product": "Movable Type", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, "sec:cvss": { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2009-000002", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN71945722/index.html", "@id": "JVN#71945722", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5845", "@id": "CVE-2008-5845", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5845", "@id": "CVE-2008-5845", "@source": "NVD" }, { "#text": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000002.html", "@id": "JVNDB-2009-000002", "@source": "JVNDB_Ja" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Movable Type Enterprise cross-site scripting vulnerability" }
jvndb-2006-000653
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Movable Type vulnerable to cross-site scripting
Details
Movable Type, a web log system from Six Apart, contains a cross-site scripting vulnerability in its search module.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Six Apart, Ltd. | Movable Type |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000653.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "Movable Type, a web log system from Six Apart, contains a cross-site scripting vulnerability in its search module.", "link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000653.html", "sec:cpe": { "#text": "cpe:/a:sixapart:movable_type", "@product": "Movable Type", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, "sec:cvss": { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2006-000653", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN68295640/index.html", "@id": "JVN#68295640", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5080", "@id": "CVE-2006-5080", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5080", "@id": "CVE-2006-5080", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/22109/", "@id": "SA22109", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/20228", "@id": "20228", "@source": "BID" }, { "#text": "http://xforce.iss.net/xforce/xfdb/29183", "@id": "29183", "@source": "XF" }, { "#text": "http://www.frsirt.com/english/advisories/2006/3779", "@id": "FrSIRT/ADV-2006-3779", "@source": "FRSIRT" }, { "#text": "http://www.osvdb.org/29177", "@id": "29177", "@source": "OSVDB" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Movable Type vulnerabile to cross-site scripting" }
jvndb-2014-000104
Vulnerability from jvndb
Published
2014-09-09 15:02
Modified
2014-09-11 16:56
Summary
Movable Type vulnerable to cross-site scripting
Details
Movable Type provided by Six Apart, Ltd. contains a cross-site scripting vulnerability.
Movable Type contains an issue in processing the management page, which may result in a cross-site scripting vulnerability.
Saeki Tominaga reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Six Apart, Ltd. | Movable Type |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000104.html", "dc:date": "2014-09-11T16:56+09:00", "dcterms:issued": "2014-09-09T15:02+09:00", "dcterms:modified": "2014-09-11T16:56+09:00", "description": "Movable Type provided by Six Apart, Ltd. contains a cross-site scripting vulnerability.\r\n\r\nMovable Type contains an issue in processing the management page, which may result in a cross-site scripting vulnerability.\r\n\r\nSaeki Tominaga reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000104.html", "sec:cpe": { "#text": "cpe:/a:sixapart:movable_type", "@product": "Movable Type", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, "sec:cvss": { "@score": "4.0", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2014-000104", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN73357573/index.html", "@id": "JVN#73357573", "@source": "JVN" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5313", "@id": "CVE-2014-5313", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5313", "@id": "CVE-2014-5313", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Movable Type vulnerable to cross-site scripting" }
jvndb-2020-000009
Vulnerability from jvndb
Published
2020-02-06 12:29
Modified
2020-02-06 12:29
Summary
Movable Type vulnerable to cross-site scripting
Details
Movable Type provided by Six Apart Ltd. contains a cross-site scripting vulnerability (CWE-79) in block editor and rich text editor.
Six Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning Partnership.
References
▼ | Type | URL |
---|---|---|
JVN | http://jvn.jp/en/jp/JVN94435544/index.html | |
CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5528 | |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2020-5528 | |
Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000009.html", "dc:date": "2020-02-06T12:29+09:00", "dcterms:issued": "2020-02-06T12:29+09:00", "dcterms:modified": "2020-02-06T12:29+09:00", "description": "Movable Type provided by Six Apart Ltd. contains a cross-site scripting vulnerability (CWE-79) in block editor and rich text editor.\r\n\r\nSix Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000009.html", "sec:cpe": [ { "#text": "cpe:/a:sixapart:movable_type", "@product": "Movable Type", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, { "#text": "cpe:/a:sixapart:movable_type_advanced", "@product": "Movable Type Advanced", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, { "#text": "cpe:/a:sixapart:movable_type_premium", "@product": "Movable Type Premium", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, { "#text": "cpe:/a:sixapart:movable_type_premium_advanced", "@product": "Movable Type Premium Advanced", "@vendor": "Six Apart, Ltd.", "@version": "2.2" } ], "sec:cvss": [ { "@score": "2.6", "@severity": "Low", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "@version": "2.0" }, { "@score": "6.1", "@severity": "Medium", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "@version": "3.0" } ], "sec:identifier": "JVNDB-2020-000009", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN94435544/index.html", "@id": "JVN#94435544", "@source": "JVN" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5528", "@id": "CVE-2020-5528", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5528", "@id": "CVE-2020-5528", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], 
"title": "Movable Type vulnerable to cross-site scripting" }
jvndb-2009-000042
Vulnerability from jvndb
Published
2009-07-01 17:53
Modified
2009-07-01 17:53
Summary
Movable Type cross-site scripting vulnerability
Details
Movable Type contains a cross-site scripting vulnerability.
Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability.
This vulnerability is different from those previously reported on JVN.
A successful attack requires that mt-wizard.cgi was not deleted after initial setup. For more information, refer to the developer's website.
Masashi Shiraishi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Six Apart, Ltd. | Movable Type |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000042.html", "dc:date": "2009-07-01T17:53+09:00", "dcterms:issued": "2009-07-01T17:53+09:00", "dcterms:modified": "2009-07-01T17:53+09:00", "description": "Movable Type contains a cross-site scripting vulnerability.\r\n\r\nMovable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability.\r\nThis vulnerability is a different vulnerability than past reports on JVN.\r\n\r\nA successful attack requires mt-wizard.cgi not to be deleted after initial setup. For more information, refer to the developer\u0027s website.\r\n\r\nMasashi Shiraishi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000042.html", "sec:cpe": { "#text": "cpe:/a:sixapart:movable_type", "@product": "Movable Type", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, "sec:cvss": { "@score": "2.6", "@severity": "Low", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2009-000042", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN86472161/index.html", "@id": "JVN#86472161", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2492", "@id": "CVE-2009-2492", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2492", "@id": "CVE-2009-2492", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Movable Type cross-site scripting vulnerability" }
jvndb-2010-000060
Vulnerability from jvndb
Published
2010-12-08 18:26
Modified
2010-12-08 18:26
Summary
Movable Type vulnerable to cross-site scripting
Details
Movable Type contains a cross-site scripting vulnerability.
Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability.
This vulnerability is different from the vulnerabilities previously disclosed on JVN.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Six Apart, Ltd. | Movable Type |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000060.html", "dc:date": "2010-12-08T18:26+09:00", "dcterms:issued": "2010-12-08T18:26+09:00", "dcterms:modified": "2010-12-08T18:26+09:00", "description": "Movable Type contains a cross-site scripting vulnerability.\r\n\r\nMovable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability.\r\n\r\nThis vulnerability is different than the previous vulnerabilities disclosed on JVN.", "link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000060.html", "sec:cpe": { "#text": "cpe:/a:sixapart:movable_type", "@product": "Movable Type", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, "sec:cvss": { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2010-000060", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN36673836/index.html", "@id": "JVN#36673836", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3921", "@id": "CVE-2010-3921", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3921", "@id": "CVE-2010-3921", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/42539", "@id": "SA42539", "@source": "SECUNIA" }, { "#text": "http://www.vupen.com/english/advisories/2010/3145", "@id": "VUPEN/ADV-2010-3145", "@source": "VUPEN" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Movable Type vulnerable to cross-site scripting" }
jvndb-2012-000018
Vulnerability from jvndb
Published
2012-02-23 14:28
Modified
2012-02-23 14:28
Summary
Movable Type vulnerable to session hijacking
Details
Movable Type contains a session hijacking vulnerability.
Movable Type contains a session hijacking vulnerability in entering comments and community functionality.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Six Apart, Ltd. | Movable Type |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000018.html", "dc:date": "2012-02-23T14:28+09:00", "dcterms:issued": "2012-02-23T14:28+09:00", "dcterms:modified": "2012-02-23T14:28+09:00", "description": "Movable Type contains a session hijacking vulnerability.\r\n\r\nMovable Type contains a session hijacking vulnerability in entering comments and community functionality.", "link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000018.html", "sec:cpe": { "#text": "cpe:/a:sixapart:movable_type", "@product": "Movable Type", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, "sec:cvss": { "@score": "6.4", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2012-000018", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN20083397/index.html", "@id": "JVN#20083397", "@source": "JVN" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0320", "@id": "CVE-2012-0320", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0320", "@id": "CVE-2012-0320", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-Other", "@title": "No Mapping(CWE-Other)" } ], "title": "Movable Type vulnerable to session hijacking" }
jvndb-2022-000064
Vulnerability from jvndb
Published
2022-08-24 15:58
Modified
2024-06-13 18:11
Severity ?
Summary
Movable Type XMLRPC API vulnerable to command injection
Details
Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability (CWE-74; the References table below lists it as OS Command Injection, CWE-78).
Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it.
According to the developer, even if the vulnerability is exploited, a command cannot be executed with an arbitrary value added to its argument.
Osaka University of Economics reported this vulnerability to Six Apart Ltd. and coordinated. Six Apart Ltd. and JPCERT/CC published respective advisories in order to notify users of this vulnerability.
At almost the same time, SHIGA TAKUMA of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with Six Apart Ltd. under Information Security Early Warning Partnership.
References
▼ | Type | URL |
---|---|---|
JVN | https://jvn.jp/en/jp/JVN57728859/index.html | |
CVE | https://www.cve.org/CVERecord?id=CVE-2022-38078 | |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2022-38078 | |
IPA SECURITY ALERTS | https://www.ipa.go.jp/security/ciadr/vul/20220824-jvn.html | |
JPCERT | https://www.jpcert.or.jp/english/at/2022/at220022.html | |
OS Command Injection(CWE-78) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
▼ | Vendor | Product |
---|---|---|
Six Apart, Ltd. | Movable Type |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000064.html", "dc:date": "2024-06-13T18:11+09:00", "dcterms:issued": "2022-08-24T15:58+09:00", "dcterms:modified": "2024-06-13T18:11+09:00", "description": "Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability (CWE-74).\r\nSending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it.\r\nAccording to the developer, it is unable to execute a command with an arbitrary value added to its argument, even if the vulnerability is exploited.\r\n\r\nOsaka University of Economics reported this vulnerability to Six Apart Ltd. and coordinated. Six Apart Ltd. and JPCERT/CC published respective advisories in order to notify users of this vulnerability.\r\n\r\nAnd almost at the same time, SHIGA TAKUMA of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with Six Apart Ltd. 
under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000064.html", "sec:cpe": { "#text": "cpe:/a:sixapart:movable_type", "@product": "Movable Type", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, "sec:cvss": [ { "@score": "7.5", "@severity": "High", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "@version": "2.0" }, { "@score": "9.8", "@severity": "Critical", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "@version": "3.0" } ], "sec:identifier": "JVNDB-2022-000064", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN57728859/index.html", "@id": "JVN#57728859", "@source": "JVN" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2022-38078", "@id": "CVE-2022-38078", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-38078", "@id": "CVE-2022-38078", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/security/ciadr/vul/20220824-jvn.html", "@id": "JVN#57728859", "@source": "IPA SECURITY ALERTS" }, { "#text": "https://www.jpcert.or.jp/english/at/2022/at220022.html", "@id": "Alert Regarding Vulnerability in Movable Type XMLRPC API", "@source": "JPCERT" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-78", "@title": "OS Command Injection(CWE-78)" } ], "title": "Movable Type XMLRPC API vulnerable to command injection" }
jvndb-2009-000020
Vulnerability from jvndb
Published
2009-04-28 16:18
Modified
2009-07-29 12:22
Summary
Movable Type cross-site scripting vulnerability
Details
Movable Type contains a cross-site scripting vulnerability.
Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability.
This vulnerability is different from those in past reports on JVN.
This vulnerability has been fixed and an updated version (Movable Type 4.25) was released on March 18, 2009.
Masashi Shiraishi reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
The following are also affected by this vulnerability when "global templates" are not initialized.
* Movable Type 4.25 (updated from Movable Type 4.24 (includes Professional and Community Packs))
* Movable Type 4.25 (updated from Movable Type 4.24 Enterprise)
For more information, refer to the vendor's website.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Six Apart, Ltd. | Movable Type |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000020.html", "dc:date": "2009-07-29T12:22+09:00", "dcterms:issued": "2009-04-28T16:18+09:00", "dcterms:modified": "2009-07-29T12:22+09:00", "description": "Movable Type contains a cross-site scripting vulnerability.\r\n\r\nMovable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability.\r\nThis vulnerability is a different vulnerability than past reports on JVN.\r\n\r\nThis vulnerability has been fixed and an updated version (Movable Type 4.25) was released on March 18, 2009.\r\n\r\nMasashi Shiraishi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.\r\n\r\nThe following are also affected by this vulnerability when \"global templates\" are not initialized.\r\n\r\n * Movable Type 4.25 (updated from Movable Type 4.24 (includes Professional and Community Packs))\r\n * Movable Type 4.25 (updated from Movable Type 4.24 Enterprise)\r\n\r\nFor more information, refer to the vendor\u0027s website.", "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000020.html", "sec:cpe": { "#text": "cpe:/a:sixapart:movable_type", "@product": "Movable Type", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, "sec:cvss": { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2009-000020", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN97248625/index.html", "@id": "JVN#97248625", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2480", "@id": "CVE-2009-2480", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2480", "@id": "CVE-2009-2480", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/35534", "@id": "SA35534", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/35471", "@id": "35471", "@source": "BID" }, { "#text": 
"http://xforce.iss.net/xforce/xfdb/51329", "@id": "51329", "@source": "XF" }, { "#text": "http://www.vupen.com/english/advisories/2009/1668", "@id": "VUPEN/ADV-2009-1668", "@source": "VUPEN" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Movable Type cross-site scripting vulnerability" }
jvndb-2010-000061
Vulnerability from jvndb
Published
2010-12-08 18:28
Modified
2010-12-08 18:28
Summary
Movable Type vulnerable to SQL injection
Details
Movable Type contains a SQL injection vulnerability.
Movable Type, a web log system from Six Apart KK, contains a SQL injection vulnerability.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Six Apart, Ltd. | Movable Type |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000061.html", "dc:date": "2010-12-08T18:28+09:00", "dcterms:issued": "2010-12-08T18:28+09:00", "dcterms:modified": "2010-12-08T18:28+09:00", "description": "Movable Type contains SQL injection vulnerability.\r\n\r\nMovable Type, a web log system from Six Apart KK, contains a SQL injection vulnerability.", "link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000061.html", "sec:cpe": { "#text": "cpe:/a:sixapart:movable_type", "@product": "Movable Type", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, "sec:cvss": { "@score": "6.8", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "@version": "2.0" }, "sec:identifier": "JVNDB-2010-000061", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN78536512/index.html", "@id": "JVN#78536512", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3922", "@id": "CVE-2010-3922", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3922", "@id": "CVE-2010-3922", "@source": "NVD" }, { "#text": "http://www.ipa.go.jp/security/english/vuln/201012_Movabletype_en.html", "@id": "Security Alert for Vulnerability in Movable Type", "@source": "IPA SECURITY ALERTS" }, { "#text": "http://secunia.com/advisories/42539", "@id": "SA42539", "@source": "SECUNIA" }, { "#text": "http://www.vupen.com/english/advisories/2010/3145", "@id": "VUPEN/ADV-2010-3145", "@source": "VUPEN" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-89", "@title": "SQL Injection(CWE-89)" } ], "title": "Movable Type vulnerable to SQL injection" }
jvndb-2010-000017
Vulnerability from jvndb
Published
2010-05-12 15:25
Modified
2010-05-12 15:25
Summary
Movable Type vulnerable to cross-site scripting
Details
Movable Type contains a cross-site scripting vulnerability.
Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability.
This vulnerability is different than the previous vulnerabilities disclosed on JVN.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Six Apart, Ltd. | Movable Type |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000017.html", "dc:date": "2010-05-12T15:25+09:00", "dcterms:issued": "2010-05-12T15:25+09:00", "dcterms:modified": "2010-05-12T15:25+09:00", "description": "Movable Type contains a cross-site scripting vulnerability.\r\n\r\nMovable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability.\r\n\r\nThis vulnerability is different than the previous vulnerabilities disclosed on JVN.", "link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000017.html", "sec:cpe": { "#text": "cpe:/a:sixapart:movable_type", "@product": "Movable Type", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, "sec:cvss": { "@score": "2.6", "@severity": "Low", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2010-000017", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN92854093/index.html", "@id": "JVN#92854093", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1985", "@id": "CVE-2010-1985", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1985", "@id": "CVE-2010-1985", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/39741", "@id": "SA39741", "@source": "SECUNIA" }, { "#text": "http://www.vupen.com/english/advisories/2010/1136", "@id": "VUPEN/ADV-2010-1136", "@source": "VUPEN" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Movable Type vulnerable to cross-site scripting" }
jvndb-2018-000094
Vulnerability from jvndb
Published
2018-08-30 17:34
Modified
2019-07-25 14:25
Severity ?
Summary
Movable Type vulnerable to cross-site scripting
Details
Movable Type provided by Six Apart, Ltd. is a content management system. Movable Type contains a cross-site scripting vulnerability (CWE-79).
ASAI Ken reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
▼ | Type | URL |
---|---|---|
JVN | http://jvn.jp/en/jp/JVN89550319/index.html | |
CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0672 | |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2018-0672 | |
Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
▼ | Vendor | Product |
---|---|---|
Six Apart, Ltd. | Movable Type |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000094.html", "dc:date": "2019-07-25T14:25+09:00", "dcterms:issued": "2018-08-30T17:34+09:00", "dcterms:modified": "2019-07-25T14:25+09:00", "description": "Movable Type provided by Six Apart, Ltd. is a content management system. Movable Type contains a cross-site scripting vulnerability (CWE-79).\r\n\r\nASAI Ken reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000094.html", "sec:cpe": { "#text": "cpe:/a:sixapart:movable_type", "@product": "Movable Type", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, "sec:cvss": [ { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "@version": "2.0" }, { "@score": "6.1", "@severity": "Medium", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "@version": "3.0" } ], "sec:identifier": "JVNDB-2018-000094", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN89550319/index.html", "@id": "JVN#89550319", "@source": "JVN" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0672", "@id": "CVE-2018-0672", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0672", "@id": "CVE-2018-0672", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Movable Type vulnerable to cross-site scripting" }
jvndb-2011-000031
Vulnerability from jvndb
Published
2011-05-25 17:37
Modified
2011-05-25 17:37
Summary
Movable Type vulnerable to cross-site scripting
Details
Movable Type contains a cross-site scripting vulnerability.
Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability due to an issue in the management screen.
This vulnerability is different than the previous vulnerabilities disclosed on JVN.
Takeshi Terada of Mitsui Bussan Secure Directions reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
References
▼ | Type | URL |
---|---|---|
JVN | http://jvn.jp/en/jp/JVN45658190 | |
CVE | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5845 | |
NVD | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5845 | |
Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
▼ | Vendor | Product |
---|---|---|
Six Apart, Ltd. | Movable Type |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000031.html", "dc:date": "2011-05-25T17:37+09:00", "dcterms:issued": "2011-05-25T17:37+09:00", "dcterms:modified": "2011-05-25T17:37+09:00", "description": "Movable Type contains a cross-site scripting vulnerability.\r\n\r\nMovable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability due to an issue in the management screen.\r\n\r\nThis vulnerability is different than the previous vulnerabilities disclosed on JVN.\r\n\r\nTakeshi Terada of Mitsui Bussan Secure Directions reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000031.html", "sec:cpe": { "#text": "cpe:/a:sixapart:movable_type", "@product": "Movable Type", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, "sec:cvss": { "@score": "5.0", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2011-000031", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN45658190", "@id": "JVN#45658190", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5845", "@id": "CVE-2008-5845", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5845", "@id": "CVE-2008-5845", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Movable Type vulnerable to cross-site scripting" }
jvndb-2022-000090
Vulnerability from jvndb
Published
2022-11-16 17:07
Modified
2024-06-03 15:31
Severity ?
Summary
Multiple vulnerabilities in Movable Type
Details
Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below.
* Improper Validation of Syntactic Correctness of Input (CWE-1286) - CVE-2022-45113
* Cross-site Scripting (CWE-79) - CVE-2022-45122
* Improper Neutralization of Server-Side Includes (SSI) Within a Web Page (CWE-97) - CVE-2022-43660
CVE-2022-45113, CVE-2022-45122
SHIGA TAKUMA of BroadBand Security, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2022-43660
Six Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Six Apart, Ltd. | Movable Type |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000090.html", "dc:date": "2024-06-03T15:31+09:00", "dcterms:issued": "2022-11-16T17:07+09:00", "dcterms:modified": "2024-06-03T15:31+09:00", "description": "Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below.\r\n\r\n * Improper Validation of Syntactic Correctness of Input (CWE-1286) - CVE-2022-45113\r\n * Cross-site Scripting (CWE-79) - CVE-2022-45122\r\n * Improper Neutralization of Server-Side Includes (SSI) Within a Web Page (CWE-97) - CVE-2022-4366\r\n\r\nCVE-2022-45113, CVE-2022-45122\r\nSHIGA TAKUMA of BroadBand Security, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2022-43660\r\nSix Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.\r\nJPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000090.html", "sec:cpe": { "#text": "cpe:/a:sixapart:movable_type", "@product": "Movable Type", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, "sec:cvss": [ { "@score": "4.6", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P", "@version": "2.0" }, { "@score": "7.2", "@severity": "High", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "@version": "3.0" } ], "sec:identifier": "JVNDB-2022-000090", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN37014768/index.html", "@id": "JVN#37014768", "@source": "JVN" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2022-45113", "@id": "CVE-2022-45113", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2022-45122", "@id": "CVE-2022-45122", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2022-43660", "@id": "CVE-2022-43660", "@source": "CVE" }, { "#text": 
"https://nvd.nist.gov/vuln/detail/CVE-2022-43660", "@id": "CVE-2022-43660", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-45113", "@id": "CVE-2022-45113", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-45122", "@id": "CVE-2022-45122", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-Other", "@title": "No Mapping(CWE-Other)" } ], "title": "Multiple vulnerabilities in Movable Type" }
jvndb-2021-000017
Vulnerability from jvndb
Published
2021-02-24 15:20
Modified
2021-02-24 15:20
Severity ?
Summary
Multiple cross-site scripting vulnerabilities in Movable Type
Details
Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities listed below.
* Cross-site scripting vulnerability in Role authority setting screen (CWE-79) - CVE-2021-20663
* Cross-site scripting vulnerability in Asset registration screen (CWE-79) - CVE-2021-20664
* Cross-site scripting vulnerability in Add asset screen of Contents field (CWE-79) - CVE-2021-20665
Six Apart Ltd. reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000017.html", "dc:date": "2021-02-24T15:20+09:00", "dcterms:issued": "2021-02-24T15:20+09:00", "dcterms:modified": "2021-02-24T15:20+09:00", "description": "Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities listed below.\r\n*Cross-site scripting vulnerability in Role authority setting screen (CWE-79) - CVE-2021-20663\r\n*Cross-site scripting vulnerability in Asset registration screen (CWE-79) - CVE-2021-20664\r\n*Cross-site scripting vulnerability in Add asset screen of Contents field (CWE-79) - CVE-2021-20665\r\n\r\nSix Apart Ltd. reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000017.html", "sec:cpe": [ { "#text": "cpe:/a:sixapart:movable_type", "@product": "Movable Type", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, { "#text": "cpe:/a:sixapart:movable_type_advanced", "@product": "Movable Type Advanced", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, { "#text": "cpe:/a:sixapart:movable_type_premium", "@product": "Movable Type Premium", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, { "#text": "cpe:/a:sixapart:movable_type_premium_advanced", "@product": "Movable Type Premium Advanced", "@vendor": "Six Apart, Ltd.", "@version": "2.2" } ], "sec:cvss": [ { "@score": "2.6", "@severity": "Low", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "@version": "2.0" }, { "@score": "6.1", "@severity": "Medium", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "@version": "3.0" } ], "sec:identifier": "JVNDB-2021-000017", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN66542874/index.html", "@id": "JVN#66542874", "@source": "JVN" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20663", "@id": 
"CVE-2021-20663", "@source": "CVE" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20664", "@id": "CVE-2021-20664", "@source": "CVE" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20665", "@id": "CVE-2021-20665", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20663", "@id": "CVE-2021-20663", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20664", "@id": "CVE-2021-20664", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20665", "@id": "CVE-2021-20665", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Multiple cross-site scripting vulnerabilities in Movable Type" }
jvndb-2021-000079
Vulnerability from jvndb
Published
2021-08-25 14:54
Modified
2021-08-25 14:54
Severity ?
Summary
Multiple cross-site scripting vulnerabilities in Movable Type
Details
Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities listed below.
* Cross-site scripting vulnerability in Search screen (CWE-79) - CVE-2021-20808
* Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type (CWE-79) - CVE-2021-20809
* Cross-site scripting vulnerability in Website Management screen (CWE-79) - CVE-2021-20810
* Cross-site scripting vulnerability in List of Assets screen (CWE-79) - CVE-2021-20811
* Cross-site scripting vulnerability in Setting screen of Server Sync (CWE-79) - CVE-2021-20812
* Cross-site scripting vulnerability in Edit screen of Content Data (CWE-79) - CVE-2021-20813
* Cross-site scripting vulnerability in Setting screen of ContentType Information Widget Plugin (CWE-79) - CVE-2021-20814
* Cross-site scripting vulnerability in Edit Boilerplate screen (CWE-79) - CVE-2021-20815
Six Apart Ltd. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Six Apart, Ltd. | Movable Type |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000079.html", "dc:date": "2021-08-25T14:54+09:00", "dcterms:issued": "2021-08-25T14:54+09:00", "dcterms:modified": "2021-08-25T14:54+09:00", "description": "Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities listed below.\r\n* Cross-site scripting vulnerability in Search screen (CWE-79) - CVE-2021-20808\r\n* Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type (CWE-79) - CVE-2021-20809\r\n* Cross-site scripting vulnerability in Website Management screen (CWE-79) - CVE-2021-20810\r\n* Cross-site scripting vulnerability in List of Assets screen (CWE-79) - CVE-2021-20811\r\n* Cross-site scripting vulnerability in Setting screen of Server Sync (CWE-79) - CVE-2021-20812\r\n* Cross-site scripting vulnerability in Edit screen of Content Data (CWE-79) - CVE-2021-20813\r\n* Cross-site scripting vulnerability in Setting screen of ContentType Information Widget Plugin (CWE-79) - CVE-2021-20814\r\n* Cross-site scripting vulnerability in Edit Boilerplate screen (CWE-79) - CVE-2021-20815\r\n\r\nSix Apart Ltd. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. JPCERT/CC and Six Apart Ltd. 
coordinated under the Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000079.html", "sec:cpe": { "#text": "cpe:/a:sixapart:movable_type", "@product": "Movable Type", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, "sec:cvss": [ { "@score": "2.6", "@severity": "Low", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "@version": "2.0" }, { "@score": "6.1", "@severity": "Medium", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "@version": "3.0" } ], "sec:identifier": "JVNDB-2021-000079", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN97545738/index.html", "@id": "JVN#97545738", "@source": "JVN" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20808", "@id": "CVE-2021-20808", "@source": "CVE" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20809", "@id": "CVE-2021-20809", "@source": "CVE" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20810", "@id": "CVE-2021-20810", "@source": "CVE" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20811", "@id": "CVE-2021-20811", "@source": "CVE" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20812", "@id": "CVE-2021-20812", "@source": "CVE" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20813", "@id": "CVE-2021-20813", "@source": "CVE" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20814", "@id": "CVE-2021-20814", "@source": "CVE" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20815", "@id": "CVE-2021-20815", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20808", "@id": "CVE-2021-20808", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20809", "@id": "CVE-2021-20809", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20810", "@id": "CVE-2021-20810", "@source": "NVD" }, 
{ "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20811", "@id": "CVE-2021-20811", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20812", "@id": "CVE-2021-20812", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20813", "@id": "CVE-2021-20813", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20814", "@id": "CVE-2021-20814", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20815", "@id": "CVE-2021-20815", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Multiple cross-site scripting vulnerabilities in Movable Type" }
jvndb-2012-000016
Vulnerability from jvndb
Published
2012-02-23 14:20
Modified
2012-02-23 14:20
Summary
Movable Type vulnerable to cross-site scripting
Details
Movable Type contains a cross-site scripting vulnerability.
mt-wizard.cgi and Movable Type templates contain a cross-site scripting vulnerability.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Six Apart, Ltd. | Movable Type |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000016.html", "dc:date": "2012-02-23T14:20+09:00", "dcterms:issued": "2012-02-23T14:20+09:00", "dcterms:modified": "2012-02-23T14:20+09:00", "description": "Movable Type contains a cross-site scripting vulnerability.\r\n\r\nmt-wizard.cgi and Movable Type templates contain a cross-site scripting vulnerability.", "link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000016.html", "sec:cpe": { "#text": "cpe:/a:sixapart:movable_type", "@product": "Movable Type", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, "sec:cvss": { "@score": "2.6", "@severity": "Low", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2012-000016", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN49836527/index.html", "@id": "JVN#49836527", "@source": "JVN" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0318", "@id": "CVE-2012-0318", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0318", "@id": "CVE-2012-0318", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Movable Type vulnerable to cross-site scripting" }
jvndb-2008-000056
Vulnerability from jvndb
Published
2008-09-10 11:28
Modified
2008-09-10 11:28
Summary
Movable Type vulnerable to cross-site scripting
Details
Movable Type contains a cross-site scripting vulnerability.
Movable Type, a web log system from Six Apart, contains a cross-site scripting vulnerability.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under the Information Security Early Warning Partnership.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Six Apart, Ltd. | Movable Type |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000056.html", "dc:date": "2008-09-10T11:28+09:00", "dcterms:issued": "2008-09-10T11:28+09:00", "dcterms:modified": "2008-09-10T11:28+09:00", "description": "Movable Type contains a cross-site scripting vulnerability. \r\n\r\nMovable Type, a web log system from Six Apart, contains a cross-site scripting vulnerability. \r\n\r\nGaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendor under the Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000056.html", "sec:cpe": { "#text": "cpe:/a:sixapart:movable_type", "@product": "Movable Type", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, "sec:cvss": { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2008-000056", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN30385652/index.html", "@id": "JVN#30385652", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4079", "@id": "CVE-2008-4079", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4079", "@id": "CVE-2008-4079", "@source": "NVD" }, { "#text": "http://www.securityfocus.com/bid/31073", "@id": "31073", "@source": "BID" }, { "#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000056.html", "@id": "JVNDB-2008-000056", "@source": "JVNDB_Ja" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Movable Type vulnerable to cross-site scripting" }
jvndb-2021-000093
Vulnerability from jvndb
Published
2021-10-20 17:38
Modified
2021-12-17 17:36
Summary
Movable Type XMLRPC API vulnerable to OS command injection
Details
Movable Type XMLRPC API provided by Six Apart Ltd. contains an OS command injection vulnerability (CWE-78).
Sending a specially crafted message by POST method to the Movable Type XMLRPC API may allow arbitrary OS command execution.
[Updated on 2021 November 10]
As of 2021 November 10, Proof-of-Concept (PoC) code exploiting this vulnerability has already been made public and attacks exploiting this vulnerability have been observed in the wild.
Étienne Gervais, Charl-Alexandre Le Brun and Chatwork Co., Ltd. reported this vulnerability to Six Apart Ltd. and coordinated.
Six Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.
References
▼ | Type | URL |
---|---|---|
JVN | http://jvn.jp/en/jp/JVN41119755/index.html | |
CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20837 | |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2021-20837 | |
IPA SECURITY ALERTS | https://www.ipa.go.jp/security/ciadr/vul/20211020-jvn.html | |
JPCERT-WR | https://www.jpcert.or.jp/english/at/2021/at210047.html | |
OS Command Injection(CWE-78) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
▼ | Vendor | Product |
---|---|---|
Six Apart, Ltd. | Movable Type |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000093.html", "dc:date": "2021-12-17T17:36+09:00", "dcterms:issued": "2021-10-20T17:38+09:00", "dcterms:modified": "2021-12-17T17:36+09:00", "description": "Movable Type XMLRPC API provided by Six Apart Ltd. contains an OS command injection vulnerability (CWE-78).\r\nSending a specially crafted message by POST method to Movavle Type XMLRPC API may allow arbitrary OS command execution.\r\n\r\n[Updated on 2021 November 10]\r\nAs of 2021 November 10, a Proof-of-Concept (PoC) code exploitning this vulnerability has already been made public and attacks exploting this vulnerability has been observed in the wild.\r\n\r\n\u0026#201;tienne Gervais, Charl-Alexandre Le Brun and Chatwork Co., Ltd. reported this vulnerability to Six Apart Ltd. and coordinated.\r\nSix Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.", "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000093.html", "sec:cpe": { "#text": "cpe:/a:sixapart:movable_type", "@product": "Movable Type", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, "sec:cvss": [ { "@score": "7.5", "@severity": "High", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "@version": "2.0" }, { "@score": "9.8", "@severity": "Critical", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "@version": "3.0" } ], "sec:identifier": "JVNDB-2021-000093", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN41119755/index.html", "@id": "JVN#41119755", "@source": "JVN" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20837", "@id": "CVE-2021-20837", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20837", "@id": "CVE-2021-20837", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/security/ciadr/vul/20211020-jvn.html", "@id": "Security Alert for Vulnerability in Movable Type (JVN#41119755) (in Japanese)", "@source": "IPA SECURITY ALERTS" }, { 
"#text": "https://www.jpcert.or.jp/english/at/2021/at210047.html", "@id": "Alert Regarding Vulnerability (CVE-2021-20837) in Movable Type XMLRPC API", "@source": "JPCERT-WR" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-78", "@title": "OS Command Injection(CWE-78)" } ], "title": "Movable Type XMLRPC API vulnerable to OS command injection" }
jvndb-2012-000015
Vulnerability from jvndb
Published
2012-02-23 14:19
Modified
2012-02-23 14:19
Summary
Movable Type vulnerable to cross-site request forgery
Details
Movable Type contains a cross-site request forgery vulnerability.
Movable Type contains a cross-site request forgery vulnerability in entering comments and community functionality.
References
▼ | Type | URL |
---|---|---|
JVN | https://jvn.jp/en/jp/JVN70683217/index.html | |
CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0317 | |
NVD | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0317 | |
Cross-Site Request Forgery(CWE-352) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
▼ | Vendor | Product |
---|---|---|
Six Apart, Ltd. | Movable Type |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000015.html", "dc:date": "2012-02-23T14:19+09:00", "dcterms:issued": "2012-02-23T14:19+09:00", "dcterms:modified": "2012-02-23T14:19+09:00", "description": "Movable Type contains a cross-site request forgery vulnerability.\r\n\r\nMovable Type contains a cross-site request forgery vulnerability in entering comments and community functionality.", "link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000015.html", "sec:cpe": { "#text": "cpe:/a:sixapart:movable_type", "@product": "Movable Type", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, "sec:cvss": { "@score": "4.0", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2012-000015", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN70683217/index.html", "@id": "JVN#70683217", "@source": "JVN" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0317", "@id": "CVE-2012-0317", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0317", "@id": "CVE-2012-0317", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-352", "@title": "Cross-Site Request Forgery(CWE-352)" } ], "title": "Movable Type vulnerable to cross-site request forgery" }
jvndb-2023-000105
Vulnerability from jvndb
Published
2023-10-25 15:18
Modified
2024-05-10 17:47
Summary
Movable Type vulnerable to cross-site scripting
Details
Movable Type provided by Six Apart Ltd. contains a cross-site scripting vulnerability (CWE-79).
Six Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning Partnership.
References
▼ | Type | URL |
---|---|---|
JVN | https://jvn.jp/en/jp/JVN39139884/index.html | |
CVE | https://www.cve.org/CVERecord?id=CVE-2023-45746 | |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2023-45746 | |
Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000105.html", "dc:date": "2024-05-10T17:47+09:00", "dcterms:issued": "2023-10-25T15:18+09:00", "dcterms:modified": "2024-05-10T17:47+09:00", "description": "Movable Type provided by Six Apart Ltd. contains a cross-site scripting vulnerability (CWE-79).\r\n\r\nSix Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000105.html", "sec:cpe": [ { "#text": "cpe:/a:sixapart:movable_type", "@product": "Movable Type", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, { "#text": "cpe:/a:sixapart:movable_type_advanced", "@product": "Movable Type Advanced", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, { "#text": "cpe:/a:sixapart:movable_type_premium", "@product": "Movable Type Premium", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, { "#text": "cpe:/a:sixapart:movable_type_premium_advanced", "@product": "Movable Type Premium Advanced", "@vendor": "Six Apart, Ltd.", "@version": "2.2" } ], "sec:cvss": [ { "@score": "3.5", "@severity": "Low", "@type": "Base", "@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "@version": "2.0" }, { "@score": "5.4", "@severity": "Medium", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "@version": "3.0" } ], "sec:identifier": "JVNDB-2023-000105", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN39139884/index.html", "@id": "JVN#39139884", "@source": "JVN" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-45746", "@id": "CVE-2023-45746", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-45746", "@id": "CVE-2023-45746", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Movable Type vulnerable to 
cross-site scripting" }
jvndb-2009-000043
Vulnerability from jvndb
Published
2009-07-01 17:53
Modified
2009-07-01 17:53
Summary
Movable Type access restriction bypass vulnerability
Details
Movable Type contains an access restriction bypass vulnerability.
Movable Type, a web log system from Six Apart KK, contains a vulnerability that allows a remote attacker to bypass access restrictions.
A successful attack requires that mt-wizard.cgi was not deleted after initial setup. For more information, refer to the developer's website.
Masashi Shiraishi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Six Apart, Ltd. | Movable Type |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000043.html", "dc:date": "2009-07-01T17:53+09:00", "dcterms:issued": "2009-07-01T17:53+09:00", "dcterms:modified": "2009-07-01T17:53+09:00", "description": "Movable Type contains an access restriction bypass vulnerability.\r\n\r\nMovable Type, a web log system from Six Apart KK, contains a vulnerability that allows a remote attacker to bypass access restrictions.\r\n\r\nA successful attack requires mt-wizard.cgi not to be deleted after initial setup. For more information, refer to the developer\u0027s website.\r\n\r\nMasashi Shiraishi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000043.html", "sec:cpe": { "#text": "cpe:/a:sixapart:movable_type", "@product": "Movable Type", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, "sec:cvss": { "@score": "5.0", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2009-000043", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN08369659/index.html", "@id": "JVN#08369659", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2481", "@id": "CVE-2009-2481", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2481", "@id": "CVE-2009-2481", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/35534", "@id": "SA35534", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/35471", "@id": "35471", "@source": "BID" }, { "#text": "http://xforce.iss.net/xforce/xfdb/51330", "@id": "51330", "@source": "XF" }, { "#text": "http://www.vupen.com/english/advisories/2009/1668", "@id": "VUPEN/ADV-2009-1668", "@source": "VUPEN" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-264", "@title": "Permissions(CWE-264)" } ], "title": "Movable 
Type access restriction bypass vulnerability" }
jvndb-2008-000072
Vulnerability from jvndb
Published
2008-10-21 19:25
Modified
2011-05-31 10:57
Summary
Movable Type cross-site scripting vulnerability
Details
Movable Type contains a cross-site scripting vulnerability.
Movable Type, a web log system from Six Apart KK, contains a vulnerability resulting from the improper handling of the management page that can lead to cross-site scripting.
This vulnerability is different from JVN#30385652.
An updated version addressing this vulnerability was released on December 3, 2008.
Ryuji Sakai, Tomohito Yoshino and Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under the Information Security Early Warning Partnership.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Six Apart, Ltd. | Movable Type |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000072.html", "dc:date": "2011-05-31T10:57+09:00", "dcterms:issued": "2008-10-21T19:25+09:00", "dcterms:modified": "2011-05-31T10:57+09:00", "description": "Movable Type contains a cross-site scripting vulnerability.\r\n\r\nMovable Type, a web log system from Six Apart KK, contains a vulnerability resulting from the improper handling of the management page that can lead to cross-site scripting.\r\n\r\nThis vulnerability is different from JVN#30385652.\r\n\r\nAn updated version addressing this vulnerability was released on December 3, 2008\r\n\r\nRyuji Sakai, Tomohito Yoshino and Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendor under the Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000072.html", "sec:cpe": { "#text": "cpe:/a:sixapart:movable_type", "@product": "Movable Type", "@vendor": "Six Apart, Ltd.", "@version": "2.2" }, "sec:cvss": { "@score": "4.0", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2008-000072", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN81490697/index.html", "@id": "JVN#81490697", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4634", "@id": "CVE-2008-4634", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4634", "@id": "CVE-2008-4634", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/32305", "@id": "SA32305", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/31826", "@id": "31826", "@source": "BID" }, { "#text": "http://xforce.iss.net/xforce/xfdb/45968", "@id": "45968", "@source": "XF" }, { "#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000072.html", "@id": "JVNDB-2008-000072", "@source": "JVNDB_Ja" }, { "#text": 
"https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Movable Type cross-site scripting vulnerability" }
cve-2018-0672
Vulnerability from cvelistv5
Published
2018-09-04 13:00
Modified
2024-08-05 03:35
Summary
Cross-site scripting vulnerability in Movable Type versions prior to Ver. 6.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
http://jvn.jp/en/jp/JVN89550319/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Six Apart, Ltd. | Movable Type |
Version: versions prior to Ver. 6.3.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:35:48.727Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "JVN#89550319", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN89550319/index.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Movable Type", "vendor": "Six Apart, Ltd.", "versions": [ { "status": "affected", "version": "versions prior to Ver. 6.3.1" } ] } ], "datePublic": "2018-08-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerability in Movable Type versions prior to Ver. 6.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-site scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-09-04T12:57:01", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "JVN#89550319", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN89550319/index.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2018-0672", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Movable Type", "version": { "version_data": [ { "version_value": "versions prior to Ver. 6.3.1" } ] } } ] }, "vendor_name": "Six Apart, Ltd." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting vulnerability in Movable Type versions prior to Ver. 6.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-site scripting" } ] } ] }, "references": { "reference_data": [ { "name": "JVN#89550319", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN89550319/index.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2018-0672", "datePublished": "2018-09-04T13:00:00", "dateReserved": "2017-11-27T00:00:00", "dateUpdated": "2024-08-05T03:35:48.727Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }