Lucene search
HistoryMar 03, 2012 - 4:04 a.m.
CVE-2012-1262
cve-2012-1262
xss vulnerability
movable type
remote code injection
security vulnerability
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.6 Medium
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
76.5%
Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.cgi in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the dbuser parameter, a different vulnerability than CVE-2012-0318.
Affected configurations
Node
movabletypemovable_type_open_sourceRange≤4.37
ORmovabletypemovable_type_open_sourceMatch4.0
ORmovabletypemovable_type_open_sourceMatch4.0beta
ORmovabletypemovable_type_open_sourceMatch4.1
ORmovabletypemovable_type_open_sourceMatch4.1beta
ORmovabletypemovable_type_open_sourceMatch4.01beta
ORmovabletypemovable_type_open_sourceMatch4.2
ORmovabletypemovable_type_open_sourceMatch4.2beta
ORmovabletypemovable_type_open_sourceMatch4.3
ORmovabletypemovable_type_open_sourceMatch4.23
ORmovabletypemovable_type_open_sourceMatch4.25
ORmovabletypemovable_type_open_sourceMatch4.26
ORmovabletypemovable_type_open_sourceMatch4.31
ORmovabletypemovable_type_open_sourceMatch4.32
ORmovabletypemovable_type_open_sourceMatch4.33
ORmovabletypemovable_type_open_sourceMatch4.34
ORmovabletypemovable_type_open_sourceMatch4.35
ORmovabletypemovable_type_open_sourceMatch4.36
ORmovabletypemovable_type_open_sourceMatch4.261
ORmovabletypemovable_type_open_sourceMatch4.361
ORmovabletypemovable_type_open_sourceMatch5.1
ORmovabletypemovable_type_open_sourceMatch5.02
ORmovabletypemovable_type_open_sourceMatch5.03
ORmovabletypemovable_type_open_sourceMatch5.04
ORmovabletypemovable_type_open_sourceMatch5.05
ORmovabletypemovable_type_open_sourceMatch5.06
ORmovabletypemovable_type_open_sourceMatch5.11
ORmovabletypemovable_type_open_sourceMatch5.12
ORmovabletypemovable_type_open_sourceMatch5.031
ORmovabletypemovable_type_open_sourceMatch5.051
Node
movabletypemovable_type_enterpriseRange≤4.37
ORmovabletypemovable_type_enterpriseMatch4.0
ORmovabletypemovable_type_enterpriseMatch4.0beta
ORmovabletypemovable_type_enterpriseMatch4.1
ORmovabletypemovable_type_enterpriseMatch4.01beta
ORmovabletypemovable_type_enterpriseMatch4.1beta
ORmovabletypemovable_type_enterpriseMatch4.2
ORmovabletypemovable_type_enterpriseMatch4.2beta
ORmovabletypemovable_type_enterpriseMatch4.3
ORmovabletypemovable_type_enterpriseMatch4.23
ORmovabletypemovable_type_enterpriseMatch4.25
ORmovabletypemovable_type_enterpriseMatch4.26
ORmovabletypemovable_type_enterpriseMatch4.31
ORmovabletypemovable_type_enterpriseMatch4.32
ORmovabletypemovable_type_enterpriseMatch4.33
ORmovabletypemovable_type_enterpriseMatch4.34
ORmovabletypemovable_type_enterpriseMatch4.35
ORmovabletypemovable_type_enterpriseMatch4.36
ORmovabletypemovable_type_enterpriseMatch4.261
ORmovabletypemovable_type_enterpriseMatch4.361
ORmovabletypemovable_type_enterpriseMatch5.1
ORmovabletypemovable_type_enterpriseMatch5.02
ORmovabletypemovable_type_enterpriseMatch5.03
ORmovabletypemovable_type_enterpriseMatch5.04
ORmovabletypemovable_type_enterpriseMatch5.05
ORmovabletypemovable_type_enterpriseMatch5.06
ORmovabletypemovable_type_enterpriseMatch5.11
ORmovabletypemovable_type_enterpriseMatch5.12
ORmovabletypemovable_type_enterpriseMatch5.031
ORmovabletypemovable_type_enterpriseMatch5.051
Node
movabletypemovable_type_advancedRange≤4.37
ORmovabletypemovable_type_advancedMatch4.0
ORmovabletypemovable_type_advancedMatch4.0beta
ORmovabletypemovable_type_advancedMatch4.1
ORmovabletypemovable_type_advancedMatch4.01beta
ORmovabletypemovable_type_advancedMatch4.1beta
ORmovabletypemovable_type_advancedMatch4.2
ORmovabletypemovable_type_advancedMatch4.2beta
ORmovabletypemovable_type_advancedMatch4.3
ORmovabletypemovable_type_advancedMatch4.23
ORmovabletypemovable_type_advancedMatch4.25
ORmovabletypemovable_type_advancedMatch4.26
ORmovabletypemovable_type_advancedMatch4.31
ORmovabletypemovable_type_advancedMatch4.32
ORmovabletypemovable_type_advancedMatch4.33
ORmovabletypemovable_type_advancedMatch4.34
ORmovabletypemovable_type_advancedMatch4.35
ORmovabletypemovable_type_advancedMatch4.36
ORmovabletypemovable_type_advancedMatch4.261
ORmovabletypemovable_type_advancedMatch4.361
ORmovabletypemovable_type_advancedMatch5.1
ORmovabletypemovable_type_advancedMatch5.02
ORmovabletypemovable_type_advancedMatch5.03
ORmovabletypemovable_type_advancedMatch5.04
ORmovabletypemovable_type_advancedMatch5.05
ORmovabletypemovable_type_advancedMatch5.06
ORmovabletypemovable_type_advancedMatch5.11
ORmovabletypemovable_type_advancedMatch5.12
ORmovabletypemovable_type_advancedMatch5.031
ORmovabletypemovable_type_advancedMatch5.051
Node
movabletypemovable_type_proRange≤4.37
ORmovabletypemovable_type_proMatch4.0
ORmovabletypemovable_type_proMatch4.0beta
ORmovabletypemovable_type_proMatch4.1
ORmovabletypemovable_type_proMatch4.1beta
ORmovabletypemovable_type_proMatch4.01beta
ORmovabletypemovable_type_proMatch4.2
ORmovabletypemovable_type_proMatch4.2beta
ORmovabletypemovable_type_proMatch4.3
ORmovabletypemovable_type_proMatch4.23
ORmovabletypemovable_type_proMatch4.25
ORmovabletypemovable_type_proMatch4.26
ORmovabletypemovable_type_proMatch4.31
ORmovabletypemovable_type_proMatch4.32
ORmovabletypemovable_type_proMatch4.33
ORmovabletypemovable_type_proMatch4.34
ORmovabletypemovable_type_proMatch4.35
ORmovabletypemovable_type_proMatch4.36
ORmovabletypemovable_type_proMatch4.261
ORmovabletypemovable_type_proMatch4.361
ORmovabletypemovable_type_proMatch5.1
ORmovabletypemovable_type_proMatch5.02
ORmovabletypemovable_type_proMatch5.03
ORmovabletypemovable_type_proMatch5.04
ORmovabletypemovable_type_proMatch5.05
ORmovabletypemovable_type_proMatch5.06
ORmovabletypemovable_type_proMatch5.11
ORmovabletypemovable_type_proMatch5.12
ORmovabletypemovable_type_proMatch5.031
ORmovabletypemovable_type_proMatch5.051
References
jvn.jp/en/jp/JVN49836527/index.html
jvndb.jvn.jp/jvndb/JVNDB-2012-000016
osvdb.org/79470
packetstormsecurity.org/files/110203/Movable-Type-Publishing-Platform-Cross-Site-Scripting.html
seclists.org/fulldisclosure/2012/Feb/407
www.debian.org/security/2012/dsa-2423
www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html
www.movabletype.org/documentation/appendices/release-notes/513.html
www.securityfocus.com/bid/52138
www.securitytracker.com/id?1026738
exchange.xforce.ibmcloud.com/vulnerabilities/73411
exchange.xforce.ibmcloud.com/vulnerabilities/73480
www.trustwave.com/spiderlabs/advisories/TWSL2012-003.txt
Related
cvelist
cvelist
CVE-2012-0318
2012-03-03 02:00:00
CVE-2012-1262
2012-03-03 02:00:00
ubuntucve
ubuntucve
CVE-2012-1262
2012-03-03 00:00:00
CVE-2012-0318
2012-03-03 00:00:00
cve
cve
CVE-2012-0318
2012-03-03 04:04:57
prion
prion
Cross site scripting
2012-03-03 04:04:00
Cross site scripting
2012-03-03 04:04:00
nvd
nvd
CVE-2012-0318
2012-03-03 04:04:57
CVE-2012-1262
2012-03-03 04:04:57
packetstorm
packetstorm
Movable Type Publishing Platform Cross Site Scripting
2012-02-24 00:00:00
openvas
openvas
Debian Security Advisory DSA 2423-1 (movabletype-opensource)
2012-03-12 00:00:00
Debian: Security Advisory (DSA-2423-1)
2012-03-12 00:00:00
nessus
nessus
Debian DSA-2423-1 : movabletype-opensource - several vulnerabilities
2012-03-05 00:00:00
jvn
jvn
JVN#49836527: Movable Type vulnerable to cross-site scripting
2012-02-23 00:00:00
securityvulns
securityvulns
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.6 Medium
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
76.5%
Related for CVE-2012-1262