CPANSA-MT-2008-5808: MT vulnerability
| Publisher |
giterlizzi |
Document category |
csaf_security_advisory |
| Initial release date |
2009-01-02T00:00:00 |
Engine |
CSAF Perl Toolkit 0.25 |
| Current release date |
2009-01-02T00:00:00 |
Build Date |
|
| Current version |
1 |
Status |
final |
| CVSS v3.1 Base Score |
|
Severity |
|
| Original language |
|
Language |
en |
| Also referred to |
|
Vulnerability Description
Cross-site scripting (XSS) vulnerability in Six Apart Movable Type Enterprise (MTE) 1.x before 1.56; Movable Type (MT) 3.x before 3.38; and Movable Type, Movable Type Open Source (MTOS), and Movable Type Enterprise 4.x before 4.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to "application management."
Vulnerabilities
CVE-2008-5808
Vulnerability DescriptionCross-site scripting (XSS) vulnerability in Six Apart Movable Type Enterprise (MTE) 1.x before 1.56; Movable Type (MT) 3.x before 3.38; and Movable Type, Movable Type Open Source (MTOS), and Movable Type Enterprise 4.x before 4.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to "application management."
| Weakness |
CWE-79 : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
Product status
Known affected
| Product |
Score |
| MT greater than or equal 3 and less than or equal 3.38 |
| CVSS Version |
CVSS Vector |
CVSS Base Score |
CVSS Base Severity |
| 2.0 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
4.3
|
Medium
|
|
| MT greater than or equal 4 and less than 4.23 |
| CVSS Version |
CVSS Vector |
CVSS Base Score |
CVSS Base Severity |
| 2.0 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
4.3
|
Medium
|
|
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
Revision history
| Version |
Date of the revision |
Summary of the revision |
| 1 |
Fri Jan 2 00:00:00 2009 |
First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/