Summary
Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier) suffers from an improper neutralization of special elements in output used by a downstream component (‘Injection’) vulnerability.
Credit:
The information has been provided by the vendor.
The original article can be found at: https://movabletype.org/news/2020/05/mt-730-660-6312-released.html
Details
An HTML attribute value injection vulnerability in the Movable Type series allows remote attackers to inject an arbitrary HTML attribute value via unspecified vectors.
Vulnerable Systems:
Movable Type 7 r.4606 (7.2.1) and earlier
Movable Type Advanced 7 r.4606 (7.2.1) and earlier
Movable Type for AWS 7 r.4606 (7.2.1) and earlier
Movable Type 6.5.3 and earlier
Movable Type Advanced 6.5.3 and earlier
Movable Type 6.3.11 and earlier
Movable Type Advanced 6.3.11 and earlier
Movable Type Premium 1.29 and earlier
Movable Type Premium Advanced 1.29 and earlier
CVE Information:
Disclosure Timeline:
Published Date: 5/13/2020