EUVD-2020-26738

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

Cross-site request forgery vulnerability in Movable Type allows remote attackers to hijack authentication.

Reporter	Title	Published	Views	Family All 9
CNVD	Six Apart Movable Type Cross-Site Request Forgery Vulnerability	15 May 202000:00	–	cnvd
CVE	CVE-2020-5576	14 May 202001:00	–	cve
Cvelist	CVE-2020-5576	14 May 202001:00	–	cvelist
Japan Vulnerability Notes	JVN#28806943: Multiple vulnerabilities in Movable Type	13 May 202000:00	–	jvn
Japan Vulnerability Notes	Multiple vulnerabilities in Movable Type	13 May 202008:59	–	jvn
NVD	CVE-2020-5576	14 May 202002:15	–	nvd
Prion	Cross site request forgery (csrf)	14 May 202002:15	–	prion
RedhatCVE	CVE-2020-5576	22 May 202517:42	–	redhatcve
UbuntuCve	CVE-2020-5576	14 May 202002:15	–	ubuntucve

[
  {
    "enisaIdVendor": [
      {
        "id": "702343fc-099a-3f7b-972d-1b2a63793cd3",
        "vendor": {
          "name": "Six Apart Ltd."
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "96082525-fa06-3dd3-be7b-b336ecee8689",
        "product": {
          "name": "Movable Type"
        },
        "product_version": "Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier"
      }
    ]
  }
]

Source	Link
movabletype	www.movabletype.org/news/2020/05/mt-730-660-6312-released.html
jvn	www.jvn.jp/en/jp/JVN28806943/index.html
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

7.5High risk

Vulners AI Score7.5

CVSS 3.18.8

CVSS 26.8

EPSS0.00149