CVSS3: 7.2 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.002 Low
Percentile: 58.9%
Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below.
Improper Validation of Syntactic Correctness of Input (CWE-1286) - CVE-2022-45113
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N | Base Score: 4.7 |
CVSS v2 | AV:N/AC:M/Au:N/C:N/I:P/A:N | Base Score: 4.3 |
Cross-site Scripting (CWE-79) - CVE-2022-45122
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1 |
CVSS v2 | AV:N/AC:H/Au:N/C:N/I:P/A:N | Base Score: 2.6 |
Improper Neutralization of Server-Side Includes (SSI) Within a Web Page (CWE-97) - CVE-2022-43660
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | Base Score: 7.2 |
CVSS v2 | AV:N/AC:H/Au:S/C:P/I:P/A:P | Base Score: 4.6 |
Update the Software
Apply the appropriate update according to the information provided by the developer.
The developer has released the following updates that contain fixes for these vulnerabilities:
CVE-2022-45113, CVE-2022-45122
Movable Type 7 r.5301 and earlier (Movable Type 7 Series)
Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series)
Movable Type 6.8.7 and earlier (Movable Type 6 Series)
Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series)
Movable Type Premium 1.53 and earlier
Movable Type Premium Advanced 1.53 and earlier
CVE-2022-43660
Movable Type 7 r.5301 and earlier (Movable Type 7 Series)
Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series)
Movable Type Premium 1.53 and earlier
Movable Type Premium Advanced 1.53 and earlier