EUVD-2020-26736

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

HTML attribute value injection in Movable Type allows remote HTML injection via unspecified vectors

Reporter	Title	Published	Views	Family All 9
CVE	CVE-2020-5574	14 May 202001:00	–	cve
Cvelist	CVE-2020-5574	14 May 202001:00	–	cvelist
Japan Vulnerability Notes	JVN#28806943: Multiple vulnerabilities in Movable Type	13 May 202000:00	–	jvn
Japan Vulnerability Notes	Multiple vulnerabilities in Movable Type	13 May 202008:59	–	jvn
NVD	CVE-2020-5574	14 May 202002:15	–	nvd
OSV	CVE-2020-5574	14 May 202002:15	–	osv
Prion	Design/Logic Flaw	14 May 202002:15	–	prion
RedhatCVE	CVE-2020-5574	22 May 202515:39	–	redhatcve
UbuntuCve	CVE-2020-5574	14 May 202002:15	–	ubuntucve

[
  {
    "enisaIdVendor": [
      {
        "id": "69ecb9f0-7f4a-37a2-b5c2-8ca4884ae587",
        "vendor": {
          "name": "Six Apart Ltd."
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "5f1e8b55-274f-379a-a929-6f41e771969d",
        "product": {
          "name": "Movable Type"
        },
        "product_version": "Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier"
      }
    ]
  }
]

Source	Link
movabletype	www.movabletype.org/news/2020/05/mt-730-660-6312-released.html
jvn	www.jvn.jp/en/jp/JVN28806943/index.html
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

5.5Medium risk

Vulners AI Score5.5

CVSS 3.15.3

CVSS 25

EPSS0.00338