Version | Vector | Score |
---|---|---|
CVSS2 | AV:N/AC:M/Au:N/C:N/I:P/A:N | 4.3 Medium |
CVSS3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 6.1 Medium |

CVSS2 metrics: Attack Vector NETWORK, Attack Complexity MEDIUM, Authentication NONE, Confidentiality Impact NONE, Integrity Impact PARTIAL, Availability Impact NONE.
CVSS3 metrics: Attack Vector NETWORK, Attack Complexity LOW, Privileges Required NONE, User Interaction REQUIRED, Scope CHANGED, Confidentiality Impact LOW, Integrity Impact LOW, Availability Impact NONE.
EPSS: 0.001 Low (Percentile: 47.2%)
Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities listed below.
Cross-site scripting vulnerability in Role authority setting screen (CWE-79) - CVE-2021-20663
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1 |
CVSS v2 | AV:N/AC:H/Au:N/C:N/I:P/A:N | Base Score: 2.6 |
Cross-site scripting vulnerability in Asset registration screen (CWE-79) - CVE-2021-20664
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1 |
CVSS v2 | AV:N/AC:H/Au:N/C:N/I:P/A:N | Base Score: 2.6 |
Cross-site scripting vulnerability in Add asset screen of Contents field (CWE-79) - CVE-2021-20665
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1 |
CVSS v2 | AV:N/AC:H/Au:N/C:N/I:P/A:N | Base Score: 2.6 |
An arbitrary script may be executed on a logged-in user’s web browser.
Update the software
Update to the latest version according to the information provided by the developer.
CVE-2021-20663, CVE-2021-20664
Movable Type 7 r.4705 and earlier (Movable Type 7 Series)
Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series)
Movable Type 6.7.5 and earlier (Movable Type 6.7 Series)
Movable Type Premium 1.39 and earlier
Movable Type Premium Advanced 1.39 and earlier
CVE-2021-20665
Movable Type 7 r.4705 and earlier (Movable Type 7 Series)
Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series)
Movable Type Premium 1.39 and earlier
Movable Type Premium Advanced 1.39 and earlier