All the vulnerabilites related to Six Apart, Ltd. - Movable Type Premium
jvndb-2023-000105
Vulnerability from jvndb
Published
2023-10-25 15:18
Modified
2024-05-10 17:47
Severity ?
Summary
Movable Type vulnerable to cross-site scripting
Details
Movable Type provided by Six Apart Ltd. contains a cross-site scripting vulnerability (CWE-79).
Six Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN39139884/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2023-45746 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2023-45746 | |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000105.html",
"dc:date": "2024-05-10T17:47+09:00",
"dcterms:issued": "2023-10-25T15:18+09:00",
"dcterms:modified": "2024-05-10T17:47+09:00",
"description": "Movable Type provided by Six Apart Ltd. contains a cross-site scripting vulnerability (CWE-79).\r\n\r\nSix Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000105.html",
"sec:cpe": [
{
"#text": "cpe:/a:sixapart:movable_type",
"@product": "Movable Type",
"@vendor": "Six Apart, Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:sixapart:movable_type_advanced",
"@product": "Movable Type Advanced",
"@vendor": "Six Apart, Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:sixapart:movable_type_premium",
"@product": "Movable Type Premium",
"@vendor": "Six Apart, Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:sixapart:movable_type_premium_advanced",
"@product": "Movable Type Premium Advanced",
"@vendor": "Six Apart, Ltd.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000105",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN39139884/index.html",
"@id": "JVN#39139884",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-45746",
"@id": "CVE-2023-45746",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-45746",
"@id": "CVE-2023-45746",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Movable Type vulnerable to cross-site scripting"
}
jvndb-2020-000009
Vulnerability from jvndb
Published
2020-02-06 12:29
Modified
2020-02-06 12:29
Severity ?
Summary
Movable Type vulnerable to cross-site scripting
Details
Movable Type provided by Six Apart Ltd. contains a cross-site scripting vulnerability (CWE-79) in block editor and rich text editor.
Six Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | http://jvn.jp/en/jp/JVN94435544/index.html | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5528 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2020-5528 | |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000009.html",
"dc:date": "2020-02-06T12:29+09:00",
"dcterms:issued": "2020-02-06T12:29+09:00",
"dcterms:modified": "2020-02-06T12:29+09:00",
"description": "Movable Type provided by Six Apart Ltd. contains a cross-site scripting vulnerability (CWE-79) in block editor and rich text editor.\r\n\r\nSix Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000009.html",
"sec:cpe": [
{
"#text": "cpe:/a:sixapart:movable_type",
"@product": "Movable Type",
"@vendor": "Six Apart, Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:sixapart:movable_type_advanced",
"@product": "Movable Type Advanced",
"@vendor": "Six Apart, Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:sixapart:movable_type_premium",
"@product": "Movable Type Premium",
"@vendor": "Six Apart, Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:sixapart:movable_type_premium_advanced",
"@product": "Movable Type Premium Advanced",
"@vendor": "Six Apart, Ltd.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2020-000009",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN94435544/index.html",
"@id": "JVN#94435544",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5528",
"@id": "CVE-2020-5528",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5528",
"@id": "CVE-2020-5528",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Movable Type vulnerable to cross-site scripting"
}
jvndb-2021-000017
Vulnerability from jvndb
Published
2021-02-24 15:20
Modified
2021-02-24 15:20
Severity ?
Summary
Multiple cross-site scripting vulnerabilities in Movable Type
Details
Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities listed below.
*Cross-site scripting vulnerability in Role authority setting screen (CWE-79) - CVE-2021-20663
*Cross-site scripting vulnerability in Asset registration screen (CWE-79) - CVE-2021-20664
*Cross-site scripting vulnerability in Add asset screen of Contents field (CWE-79) - CVE-2021-20665
Six Apart Ltd. reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000017.html",
"dc:date": "2021-02-24T15:20+09:00",
"dcterms:issued": "2021-02-24T15:20+09:00",
"dcterms:modified": "2021-02-24T15:20+09:00",
"description": "Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities listed below.\r\n*Cross-site scripting vulnerability in Role authority setting screen (CWE-79) - CVE-2021-20663\r\n*Cross-site scripting vulnerability in Asset registration screen (CWE-79) - CVE-2021-20664\r\n*Cross-site scripting vulnerability in Add asset screen of Contents field (CWE-79) - CVE-2021-20665\r\n\r\nSix Apart Ltd. reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000017.html",
"sec:cpe": [
{
"#text": "cpe:/a:sixapart:movable_type",
"@product": "Movable Type",
"@vendor": "Six Apart, Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:sixapart:movable_type_advanced",
"@product": "Movable Type Advanced",
"@vendor": "Six Apart, Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:sixapart:movable_type_premium",
"@product": "Movable Type Premium",
"@vendor": "Six Apart, Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:sixapart:movable_type_premium_advanced",
"@product": "Movable Type Premium Advanced",
"@vendor": "Six Apart, Ltd.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000017",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN66542874/index.html",
"@id": "JVN#66542874",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20663",
"@id": "CVE-2021-20663",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20664",
"@id": "CVE-2021-20664",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20665",
"@id": "CVE-2021-20665",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20663",
"@id": "CVE-2021-20663",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20664",
"@id": "CVE-2021-20664",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20665",
"@id": "CVE-2021-20665",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple cross-site scripting vulnerabilities in Movable Type"
}