Summary
Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier suffers from improper neutralization of input during web page generation (‘Cross-site Scripting’) vulnerability
Credit:
The information has been provided by Vendor
The original article can be found at:https://movabletype.org/news/2020/05/mt-730-660-6312-released.html
Details
Cross-site scripting vulnerability in Movable Type series allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
Vulnerable Systems:
Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier
Movable Type Advanced 7 r.4606 (7.2.1) and earlier
Movable Type for AWS 7 r.4606 (7.2.1) and earlier
Movable Type 6.5.3 and earlier
Movable Type Advanced 6.5.3 and earlier
Movable Type 6.3.11 and earlier
Movable Type Advanced 6.3.11 and earlier
Movable Type Premium 1.29 and earlier
Movable Type Premium Advanced 1.29 and earlier
CVE Information:
Disclosure Timeline:
Published Date:5/13/2020