CVE-2012-1503

Movable Type Pro 5.13 - Cross-Site Scripting via Comment Section

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-1503. PoCs published by sqlhacker.

AI-analyzed exploit summary: This exploit demonstrates a stored XSS vulnerability in Movable Type Pro 5.13en, allowing arbitrary JavaScript injection via a crafted comment. The PoC uses a simple JavaScript alert to prove the vulnerability.

Description

Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section.

Exploits (1)

exploitdb WORKING POC
by sqlhacker · text · webapps · php
https://www.exploit-db.com/exploits/22151

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Movable Type Pro 5.13en
No auth needed
Prerequisites: Access to a blog post's comment section
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/22151
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/86729
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/56160
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/79521

Scores

EPSS 0.0201
EPSS Percentile 78.4%

Details

CWE: CWE-79
Status: published
Products (1): sixapart/movable_type 5.13
Published: Aug 29, 2014
Tracked Since: Feb 18, 2026