CVE-2010-1985

Sixapart Movable Type - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in Six Apart Movable Type 5.0 and 5.01 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.

References (6)

[Third Party Advisory] http://jvn.jp/en/jp/JVN92854093/index.html

[Third Party Advisory] http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000017.html

[Vendor Advisory] http://secunia.com/advisories/39741

[Various Sources] http://www.movabletype.com/blog/2010/05/movable-type-502.html

[Various Sources] http://www.movabletype.org/documentation/appendices/release-notes/movable-type-502.html

[Vendor Advisory] http://www.vupen.com/english/advisories/2010/1136

Scores

EPSS 0.0052

EPSS Percentile 66.3%

Classification

CWE

CWE-79

Status published

Affected Products (3)

sixapart/movable_type

n/a/n/a

Timeline

Published May 19, 2010

Tracked Since Feb 18, 2026