CVE-2012-0318

Movable Type <4.38, <5.07, <5.13 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to inject arbitrary web script or HTML via vectors involving templates, a different issue than CVE-2012-1262.

References (7)

[Patch, Vendor Advisory] http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html

[Patch, Vendor Advisory] http://www.movabletype.org/documentation/appendices/release-notes/513.html

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1026738

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/52138

[Third Party Advisory] http://www.debian.org/security/2012/dsa-2423

[Third Party Advisory] http://jvn.jp/en/jp/JVN49836527/index.html

[Third Party Advisory] http://jvndb.jvn.jp/jvndb/JVNDB-2012-000016

Scores

EPSS 0.0052

EPSS Percentile 66.4%

Classification

CWE

CWE-79

Status published

Affected Products (50)

movabletype/movable_type_open_source < 4.37

movabletype/movable_type_open_source

movabletype/movable_type_open_source

movabletype/movable_type_open_source

movabletype/movable_type_open_source

movabletype/movable_type_open_source

movabletype/movable_type_open_source

movabletype/movable_type_open_source

movabletype/movable_type_open_source

movabletype/movable_type_open_source

movabletype/movable_type_open_source

movabletype/movable_type_open_source

movabletype/movable_type_open_source

movabletype/movable_type_open_source

movabletype/movable_type_open_source

... and 35 more

Timeline

Published Mar 03, 2012

Tracked Since Feb 18, 2026