Lucene search

[email protected]NVD:CVE-2022-45122

HistoryDec 07, 2022 - 4:15 a.m.

CVE-2022-45122

2022-12-0704:15:11

CWE-79

[email protected]

web.nvd.nist.gov

cve-2022-45122

movable type

cross-site scripting

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

51.0%

JSON

Cross-site scripting vulnerability in Movable Type Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.

Affected configurations

NVD

Node

sixapartmovable_typeRange≤1.53premium

sixapartmovable_typeRange≤1.53premium_advanced

sixapartmovable_typeRange6.0–6.8.7-

sixapartmovable_typeRange6.0–6.8.7advanced

sixapartmovable_typeRange7.0–7.9.6-

sixapartmovable_typeRange7.0–7.9.6advanced

References

jvn.jp/en/jp/JVN37014768/index.html

movabletype.org/news/2022/11/mt-796-688-released.html

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

51.0%

JSON

Related for NVD:CVE-2022-45122

prion1 cve1 cvelist1 jvn1