JVN#49836527: Movable Type vulnerable to cross-site scripting

ID JVN:49836527
Type jvn
Reporter Japan Vulnerability Notes
Modified 2012-02-23T00:00:00


## Description

mt-wizard.cgi and Movable Type templates contain a cross-site scripting vulnerability.

## Impact

An arbitrary script may be executed on the user's web browser.

## Solution

Update the software
Update to the latest version of each product according to the information provided by the developer.

## Products Affected

Version 5.12, 5.06, 4.37, 4.292 and earlier of the products listed below are vulnerable.

  • Movable Type Open Source
  • Movable Type (with Professional Pack, Community Pack)
  • Movable Type Enterprise
  • Movable Type Advanced For more information, refer to the information provided by the developer.