Description
URL redirection to untrusted site ('Open Redirect') issue exists in Movable Type. If this vulnerability is exploited, an invalid parameter may be inserted into the password reset page, which may lead to redirection to an arbitrary URL.
Scores
CVSS v3
4.3
EPSS
0.0003
EPSS Percentile
9.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-601
Status
published
Products (14)
Six Apart Ltd./Movable Type (Cloud Edition)
7 r.5508 (7 series)
Six Apart Ltd./Movable Type (Cloud Edition)
8.6.0 (8 series)
Six Apart Ltd./Movable Type (Software Edition)
7 r.5508 and earlier (7 series)
Six Apart Ltd./Movable Type (Software Edition)
8.0.0 to 8.0.6
Six Apart Ltd./Movable Type (Software Edition)
8.4.0 to 8.4.2 (8 series)
Six Apart Ltd./Movable Type Advanced (Software Edition)
7 r.5508 and earlier (7 series)
Six Apart Ltd./Movable Type Advanced (Software Edition)
8.0.0 to 8.0.6
Six Apart Ltd./Movable Type Advanced (Software Edition)
8.4.0 to 8.4.2 (8 series)
Six Apart Ltd./Movable Type Premium (Cloud Edition)
1.66 (1 series)
Six Apart Ltd./Movable Type Premium (Cloud Edition)
2.09 (2 series)
... and 4 more
Published
Aug 20, 2025
Tracked Since
Feb 18, 2026