CPANSA-MT-2010-1985: MT vulnerability
| Publisher | giterlizzi | Document category | csaf_security_advisory |
|---|---|---|---|
| Initial release date | 2010-05-19T00:00:00 | Engine | CSAF Perl Toolkit 0.25 |
| Current release date | 2010-05-19T00:00:00 | Build Date | |
| Current version | 1 | Status | final |
| CVSS v3.1 Base Score | Severity | ||
| Original language | Language | en | |
| Also referred to | |||
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in Six Apart Movable Type 5.0 and 5.01 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
Vulnerabilities
CVE-2010-1985
Vulnerability DescriptionMultiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in Six Apart Movable Type 5.0 and 5.01 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
| Weakness | CWE-79 : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
|---|
Product status
Known affected
| Product | Score | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| MT greater than or equal 5.0 and less than or equal 5.01 |
|
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-MT-2010-1985 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2010/cpansa-mt-2010-1985.json - http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000017.html external
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000017.html - http://www.movabletype.com/blog/2010/05/movable-type-502.html external
http://www.movabletype.com/blog/2010/05/movable-type-502.html - http://www.vupen.com/english/advisories/2010/1136 external
http://www.vupen.com/english/advisories/2010/1136 - http://secunia.com/advisories/39741 external
http://secunia.com/advisories/39741 - http://www.movabletype.org/documentation/appendices/release-notes/movable-type-502.html external
http://www.movabletype.org/documentation/appendices/release-notes/movable-type-502.html - http://jvn.jp/en/jp/JVN92854093/index.html external
http://jvn.jp/en/jp/JVN92854093/index.html - CVE-2010-1985 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2010-1985
Revision history
| Version | Date of the revision | Summary of the revision |
|---|---|---|
| 1 | Wed May 19 00:00:00 2010 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/