CPANSA-MT-2012-1503: MT vulnerability
| Publisher | giterlizzi | Document category | csaf_security_advisory |
|---|---|---|---|
| Initial release date | 2014-08-29T00:00:00 | Engine | CSAF Perl Toolkit 0.25 |
| Current release date | 2014-08-29T00:00:00 | Build Date | |
| Current version | 1 | Status | final |
| CVSS v3.1 Base Score | Severity | ||
| Original language | Language | en | |
| Also referred to | |||
Vulnerability Description
Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section.
Vulnerabilities
CVE-2012-1503
Vulnerability DescriptionCross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section.
| Weakness | CWE-79 : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
|---|
Product status
Known affected
| Product | Score | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| MT equal 5.13 |
|
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-MT-2012-1503 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2014/cpansa-mt-2012-1503.json - http://www.cloudscan.me/2012/10/cve-2012-1503-movable-type-pro-513en.html external
http://www.cloudscan.me/2012/10/cve-2012-1503-movable-type-pro-513en.html - http://packetstormsecurity.org/files/117564/Movable-Type-Pro-5.13en-Cross-Site-Scripting.html external
http://packetstormsecurity.org/files/117564/Movable-Type-Pro-5.13en-Cross-Site-Scripting.html - http://www.exploit-db.com/exploits/22151 external
http://www.exploit-db.com/exploits/22151 - http://osvdb.org/show/osvdb/86729 external
http://osvdb.org/show/osvdb/86729 - http://www.securityfocus.com/bid/56160 external
http://www.securityfocus.com/bid/56160 - https://exchange.xforce.ibmcloud.com/vulnerabilities/79521 external
https://exchange.xforce.ibmcloud.com/vulnerabilities/79521 - CVE-2012-1503 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2012-1503
Revision history
| Version | Date of the revision | Summary of the revision |
|---|---|---|
| 1 | Fri Aug 29 00:00:00 2014 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/