EUVD-2020-26691

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

Cross-site scripting vulnerability in Movable Type allows remote script injection via crafted URL

Reporter	Title	Published	Views	Family All 10
CNVD	Movable Type Cross-Site Scripting Vulnerability (CNVD-2020-04553)	7 Feb 202000:00	–	cnvd
CVE	CVE-2020-5528	6 Feb 202009:30	–	cve
Cvelist	CVE-2020-5528	6 Feb 202009:30	–	cvelist
Japan Vulnerability Notes	JVN#94435544: Movable Type vulnerable to cross-site scripting	6 Feb 202000:00	–	jvn
Japan Vulnerability Notes	Movable Type vulnerable to cross-site scripting	6 Feb 202003:29	–	jvn
NVD	CVE-2020-5528	6 Feb 202010:15	–	nvd
OSV	CVE-2020-5528	6 Feb 202010:15	–	osv
Prion	Cross site scripting	6 Feb 202010:15	–	prion
RedhatCVE	CVE-2020-5528	22 May 202517:41	–	redhatcve
UbuntuCve	CVE-2020-5528	6 Feb 202010:15	–	ubuntucve

[
  {
    "enisaIdVendor": [
      {
        "id": "ee8771b9-ebc6-3a11-bd3e-450efa25f18b",
        "vendor": {
          "name": "Six Apart Ltd"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "a3386a00-e5e9-310a-8087-4e7ff745c751",
        "product": {
          "name": "Movable Type series"
        },
        "product_version": "Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and earlier (Movable Type 6.5), Movable Type Advanced 7 r.4603 and earlier (Movable Type Advanced 7), Movable Type Advanced 6.5.2 and earlier (Movable Type Advanced 6.5), Movable Type Premium 1.26 and earlier (Movable Type Premium), and Movable Type Premium Advanced 1.26 and earlier (Movable Type Premium Advanced)"
      }
    ]
  }
]

Source	Link
movabletype	www.movabletype.org/news/2020/02/movable_type_r4605_v720_v653_and_v6311_released.html
jvn	www.jvn.jp/en/jp/JVN94435544/index.html
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

6.2Medium risk

Vulners AI Score6.2

CVSS 3.16.1

CVSS 24.3

EPSS0.00429