Search criteria
8 vulnerabilities by movabletype
CVE-2021-20665 (GCVE-0-2021-20665)
Vulnerability from cvelistv5 – Published: 2021-03-05 09:20 – Updated: 2024-08-03 17:45
VLAI?
Summary
Cross-site scripting vulnerability in in Add asset screen of Contents field of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Six Apart Ltd. | Movable Type |
Affected:
Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN66542874/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://movabletype.org/news/2021/02/mt-760-676-released.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Movable Type",
"vendor": "Six Apart Ltd.",
"versions": [
{
"status": "affected",
"version": "Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in in Add asset screen of Contents field of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-05T09:20:21",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN66542874/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://movabletype.org/news/2021/02/mt-760-676-released.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Movable Type",
"version": {
"version_data": [
{
"version_value": "Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier"
}
]
}
}
]
},
"vendor_name": "Six Apart Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in in Add asset screen of Contents field of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN66542874/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN66542874/index.html"
},
{
"name": "https://movabletype.org/news/2021/02/mt-760-676-released.html",
"refsource": "MISC",
"url": "https://movabletype.org/news/2021/02/mt-760-676-released.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20665",
"datePublished": "2021-03-05T09:20:21",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:45:45.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20664 (GCVE-0-2021-20664)
Vulnerability from cvelistv5 – Published: 2021-03-05 09:20 – Updated: 2024-08-03 17:45
VLAI?
Summary
Cross-site scripting vulnerability in in Asset registration screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Six Apart Ltd. | Movable Type |
Affected:
Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN66542874/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://movabletype.org/news/2021/02/mt-760-676-released.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Movable Type",
"vendor": "Six Apart Ltd.",
"versions": [
{
"status": "affected",
"version": "Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in in Asset registration screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-05T09:20:20",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN66542874/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://movabletype.org/news/2021/02/mt-760-676-released.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Movable Type",
"version": {
"version_data": [
{
"version_value": "Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier"
}
]
}
}
]
},
"vendor_name": "Six Apart Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in in Asset registration screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN66542874/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN66542874/index.html"
},
{
"name": "https://movabletype.org/news/2021/02/mt-760-676-released.html",
"refsource": "MISC",
"url": "https://movabletype.org/news/2021/02/mt-760-676-released.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20664",
"datePublished": "2021-03-05T09:20:20",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:45:45.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20663 (GCVE-0-2021-20663)
Vulnerability from cvelistv5 – Published: 2021-03-05 09:20 – Updated: 2024-08-03 17:45
VLAI?
Summary
Cross-site scripting vulnerability in in Role authority setting screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Six Apart Ltd. | Movable Type |
Affected:
Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN66542874/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://movabletype.org/news/2021/02/mt-760-676-released.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Movable Type",
"vendor": "Six Apart Ltd.",
"versions": [
{
"status": "affected",
"version": "Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in in Role authority setting screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-05T09:20:20",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN66542874/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://movabletype.org/news/2021/02/mt-760-676-released.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Movable Type",
"version": {
"version_data": [
{
"version_value": "Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier"
}
]
}
}
]
},
"vendor_name": "Six Apart Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in in Role authority setting screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN66542874/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN66542874/index.html"
},
{
"name": "https://movabletype.org/news/2021/02/mt-760-676-released.html",
"refsource": "MISC",
"url": "https://movabletype.org/news/2021/02/mt-760-676-released.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20663",
"datePublished": "2021-03-05T09:20:20",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:45:45.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1497 (GCVE-0-2012-1497)
Vulnerability from cvelistv5 – Published: 2012-03-03 02:00 – Updated: 2024-08-06 19:01
VLAI?
Summary
The default configuration of Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 supports the "mt:Include file=" attribute, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files by leveraging the template-designer role.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:01.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html"
},
{
"name": "DSA-2423",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2423"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.movabletype.org/documentation/appendices/release-notes/513.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 supports the \"mt:Include file=\" attribute, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files by leveraging the template-designer role."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-17T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html"
},
{
"name": "DSA-2423",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2423"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.movabletype.org/documentation/appendices/release-notes/513.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 supports the \"mt:Include file=\" attribute, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files by leveraging the template-designer role."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html",
"refsource": "CONFIRM",
"url": "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html"
},
{
"name": "DSA-2423",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2423"
},
{
"name": "http://www.movabletype.org/documentation/appendices/release-notes/513.html",
"refsource": "CONFIRM",
"url": "http://www.movabletype.org/documentation/appendices/release-notes/513.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1497",
"datePublished": "2012-03-03T02:00:00",
"dateReserved": "2012-03-02T00:00:00",
"dateUpdated": "2024-08-06T19:01:01.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0319 (GCVE-0-2012-0319)
Vulnerability from cvelistv5 – Published: 2012-03-03 02:00 – Updated: 2024-08-06 18:23
VLAI?
Summary
The file-management system in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote authenticated users to execute arbitrary commands by leveraging the file-upload feature, related to an "OS Command Injection" issue.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:30.399Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html"
},
{
"name": "JVNDB-2012-000017",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000017"
},
{
"name": "52138",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52138"
},
{
"name": "DSA-2423",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2423"
},
{
"name": "1026738",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026738"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.movabletype.org/documentation/appendices/release-notes/513.html"
},
{
"name": "JVN#92683325",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN92683325/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The file-management system in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote authenticated users to execute arbitrary commands by leveraging the file-upload feature, related to an \"OS Command Injection\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-17T19:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html"
},
{
"name": "JVNDB-2012-000017",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000017"
},
{
"name": "52138",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52138"
},
{
"name": "DSA-2423",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2423"
},
{
"name": "1026738",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026738"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.movabletype.org/documentation/appendices/release-notes/513.html"
},
{
"name": "JVN#92683325",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN92683325/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2012-0319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The file-management system in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote authenticated users to execute arbitrary commands by leveraging the file-upload feature, related to an \"OS Command Injection\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html",
"refsource": "CONFIRM",
"url": "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html"
},
{
"name": "JVNDB-2012-000017",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000017"
},
{
"name": "52138",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52138"
},
{
"name": "DSA-2423",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2423"
},
{
"name": "1026738",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026738"
},
{
"name": "http://www.movabletype.org/documentation/appendices/release-notes/513.html",
"refsource": "CONFIRM",
"url": "http://www.movabletype.org/documentation/appendices/release-notes/513.html"
},
{
"name": "JVN#92683325",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN92683325/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2012-0319",
"datePublished": "2012-03-03T02:00:00",
"dateReserved": "2012-01-04T00:00:00",
"dateUpdated": "2024-08-06T18:23:30.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0318 (GCVE-0-2012-0318)
Vulnerability from cvelistv5 – Published: 2012-03-03 02:00 – Updated: 2024-08-06 18:23
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to inject arbitrary web script or HTML via vectors involving templates, a different issue than CVE-2012-1262.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:30.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html"
},
{
"name": "52138",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52138"
},
{
"name": "DSA-2423",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2423"
},
{
"name": "1026738",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026738"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.movabletype.org/documentation/appendices/release-notes/513.html"
},
{
"name": "JVNDB-2012-000016",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000016"
},
{
"name": "JVN#49836527",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN49836527/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to inject arbitrary web script or HTML via vectors involving templates, a different issue than CVE-2012-1262."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-17T19:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html"
},
{
"name": "52138",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52138"
},
{
"name": "DSA-2423",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2423"
},
{
"name": "1026738",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026738"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.movabletype.org/documentation/appendices/release-notes/513.html"
},
{
"name": "JVNDB-2012-000016",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000016"
},
{
"name": "JVN#49836527",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN49836527/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2012-0318",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to inject arbitrary web script or HTML via vectors involving templates, a different issue than CVE-2012-1262."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html",
"refsource": "CONFIRM",
"url": "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html"
},
{
"name": "52138",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52138"
},
{
"name": "DSA-2423",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2423"
},
{
"name": "1026738",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026738"
},
{
"name": "http://www.movabletype.org/documentation/appendices/release-notes/513.html",
"refsource": "CONFIRM",
"url": "http://www.movabletype.org/documentation/appendices/release-notes/513.html"
},
{
"name": "JVNDB-2012-000016",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000016"
},
{
"name": "JVN#49836527",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN49836527/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2012-0318",
"datePublished": "2012-03-03T02:00:00",
"dateReserved": "2012-01-04T00:00:00",
"dateUpdated": "2024-08-06T18:23:30.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1262 (GCVE-0-2012-1262)
Vulnerability from cvelistv5 – Published: 2012-03-03 02:00 – Updated: 2024-08-06 18:53
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.cgi in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the dbuser parameter, a different vulnerability than CVE-2012-0318.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:53:36.422Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/110203/Movable-Type-Publishing-Platform-Cross-Site-Scripting.html"
},
{
"name": "20120224 TWSL2012-003: Cross-Site Scripting Vulnerability in Movable Type Publishing Platform",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2012/Feb/407"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html"
},
{
"name": "52138",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52138"
},
{
"name": "DSA-2423",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2423"
},
{
"name": "1026738",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026738"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-003.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.movabletype.org/documentation/appendices/release-notes/513.html"
},
{
"name": "JVNDB-2012-000016",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000016"
},
{
"name": "movable-type-publishing-mtwizard-xss(73480)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73480"
},
{
"name": "movable-type-mtwizard-xss(73411)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73411"
},
{
"name": "JVN#49836527",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN49836527/index.html"
},
{
"name": "79470",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/79470"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.cgi in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the dbuser parameter, a different vulnerability than CVE-2012-0318."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-17T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/110203/Movable-Type-Publishing-Platform-Cross-Site-Scripting.html"
},
{
"name": "20120224 TWSL2012-003: Cross-Site Scripting Vulnerability in Movable Type Publishing Platform",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2012/Feb/407"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html"
},
{
"name": "52138",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52138"
},
{
"name": "DSA-2423",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2423"
},
{
"name": "1026738",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026738"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-003.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.movabletype.org/documentation/appendices/release-notes/513.html"
},
{
"name": "JVNDB-2012-000016",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000016"
},
{
"name": "movable-type-publishing-mtwizard-xss(73480)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73480"
},
{
"name": "movable-type-mtwizard-xss(73411)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73411"
},
{
"name": "JVN#49836527",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN49836527/index.html"
},
{
"name": "79470",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/79470"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.cgi in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the dbuser parameter, a different vulnerability than CVE-2012-0318."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/files/110203/Movable-Type-Publishing-Platform-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/110203/Movable-Type-Publishing-Platform-Cross-Site-Scripting.html"
},
{
"name": "20120224 TWSL2012-003: Cross-Site Scripting Vulnerability in Movable Type Publishing Platform",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2012/Feb/407"
},
{
"name": "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html",
"refsource": "CONFIRM",
"url": "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html"
},
{
"name": "52138",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52138"
},
{
"name": "DSA-2423",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2423"
},
{
"name": "1026738",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026738"
},
{
"name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-003.txt",
"refsource": "MISC",
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-003.txt"
},
{
"name": "http://www.movabletype.org/documentation/appendices/release-notes/513.html",
"refsource": "CONFIRM",
"url": "http://www.movabletype.org/documentation/appendices/release-notes/513.html"
},
{
"name": "JVNDB-2012-000016",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000016"
},
{
"name": "movable-type-publishing-mtwizard-xss(73480)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73480"
},
{
"name": "movable-type-mtwizard-xss(73411)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73411"
},
{
"name": "JVN#49836527",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN49836527/index.html"
},
{
"name": "79470",
"refsource": "OSVDB",
"url": "http://osvdb.org/79470"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1262",
"datePublished": "2012-03-03T02:00:00",
"dateReserved": "2012-02-22T00:00:00",
"dateUpdated": "2024-08-06T18:53:36.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2480 (GCVE-0-2009-2480)
Vulnerability from cvelistv5 – Published: 2009-07-16 16:00 – Updated: 2024-08-07 05:52
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type 4.24, and 4.25 when global templates are not initialized, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:52:14.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#97248625",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN97248625/index.html"
},
{
"name": "35534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35534"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.movabletype.org/documentation/appendices/release-notes/426.html"
},
{
"name": "ADV-2009-1668",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1668"
},
{
"name": "JVNDB-2009-000020",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000020.html"
},
{
"name": "movabletype-mtwizard-xss(51329)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51329"
},
{
"name": "35471",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35471"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type 4.24, and 4.25 when global templates are not initialized, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "JVN#97248625",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN97248625/index.html"
},
{
"name": "35534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35534"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.movabletype.org/documentation/appendices/release-notes/426.html"
},
{
"name": "ADV-2009-1668",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1668"
},
{
"name": "JVNDB-2009-000020",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000020.html"
},
{
"name": "movabletype-mtwizard-xss(51329)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51329"
},
{
"name": "35471",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35471"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type 4.24, and 4.25 when global templates are not initialized, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#97248625",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN97248625/index.html"
},
{
"name": "35534",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35534"
},
{
"name": "http://www.movabletype.org/documentation/appendices/release-notes/426.html",
"refsource": "CONFIRM",
"url": "http://www.movabletype.org/documentation/appendices/release-notes/426.html"
},
{
"name": "ADV-2009-1668",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1668"
},
{
"name": "JVNDB-2009-000020",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000020.html"
},
{
"name": "movabletype-mtwizard-xss(51329)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51329"
},
{
"name": "35471",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35471"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2480",
"datePublished": "2009-07-16T16:00:00",
"dateReserved": "2009-07-16T00:00:00",
"dateUpdated": "2024-08-07T05:52:14.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}