4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
46.8%
Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities listed below.
Cross-site scripting vulnerability in Search screen (CWE-79) - CVE-2021-20808
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1 |
CVSS v2 | AV:N/AC:H/Au:N/C:N/I:P/A:N | Base Score: 2.6 |
Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type (CWE-79) - CVE-2021-20809
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1 |
CVSS v2 | AV:N/AC:H/Au:N/C:N/I:P/A:N | Base Score: 2.6 |
Cross-site scripting vulnerability in Website Management screen (CWE-79) - CVE-2021-20810
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1 |
CVSS v2 | AV:N/AC:H/Au:N/C:N/I:P/A:N | Base Score: 2.6 |
Cross-site scripting vulnerability in List of Assets screen (CWE-79) - CVE-2021-20811
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1 |
CVSS v2 | AV:N/AC:H/Au:N/C:N/I:P/A:N | Base Score: 2.6 |
Cross-site scripting vulnerability in Setting screen of Server Sync (CWE-79) - CVE-2021-20812
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1 |
CVSS v2 | AV:N/AC:H/Au:N/C:N/I:P/A:N | Base Score: 2.6 |
Cross-site scripting vulnerability in Edit screen of Content Data (CWE-79) - CVE-2021-20813
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1 |
CVSS v2 | AV:N/AC:H/Au:N/C:N/I:P/A:N | Base Score: 2.6 |
Cross-site scripting vulnerability in Setting screen of ContentType Information Widget Plugin (CWE-79) - CVE-2021-20814
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1 |
CVSS v2 | AV:N/AC:H/Au:N/C:N/I:P/A:N | Base Score: 2.6 |
Cross-site scripting vulnerability in Edit Boilerplate screen (CWE-79) - CVE-2021-20815
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1 |
CVSS v2 | AV:N/AC:H/Au:N/C:N/I:P/A:N | Base Score: 2.6 |
An arbitrary script may be executed on a logged-in user’s web browser.
Update the software
Update the software to the latest version according to the information provided by the developer.
CVE-2021-20808, CVE-2021-20809, CVE-2021-20810, CVE-2021-20811, CVE-2021-20815
Movable Type 7 r.4903 and earlier (Movable Type 7 Series)
Movable Type 6.8.0 and earlier (Movable Type 6 Series)
Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series)
Movable Type Premium 1.44 and earlier
Movable Type Premium Advanced 1.44 and earlier
CVE-2021-20812
Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series)
Movable Type Premium Advanced 1.44 and earlier
CVE-2021-20813
Movable Type 7 r.4903 and earlier (Movable Type 7 Series)
Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series)
CVE-2021-20814
Movable Type 7 r.4903 and earlier (Movable Type 7 Series)
Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series)
Movable Type Premium 1.44 and earlier
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
46.8%