CPANSA-MT-2021-20815: MT vulnerability
| Publisher |
giterlizzi |
Document category |
csaf_security_advisory |
| Initial release date |
2021-08-26T00:00:00 |
Engine |
CSAF Perl Toolkit 0.25 |
| Current release date |
2021-08-26T00:00:00 |
Build Date |
|
| Current version |
1 |
Status |
final |
| CVSS v3.1 Base Score |
6.1
|
Severity |
Medium
|
| Original language |
|
Language |
en |
| Also referred to |
|
Vulnerability Description
Cross-site scripting vulnerability in Edit Boilerplate screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
Vulnerabilities
CVE-2021-20815
Vulnerability DescriptionCross-site scripting vulnerability in Edit Boilerplate screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
| Weakness |
CWE-79 : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
Product status
Known affected
| Product |
Score |
| MT greater than or equal 7 and less than 7.8.0 |
|
| MT greater than or equal 6 and less than or equal 6.8.0 |
|
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
Revision history
| Version |
Date of the revision |
Summary of the revision |
| 1 |
Thu Aug 26 00:00:00 2021 |
First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/