Lucene search

[email protected]NVD:CVE-2023-45746

HistoryOct 30, 2023 - 5:15 a.m.

CVE-2023-45746

2023-10-3005:15:09

CWE-79

[email protected]

web.nvd.nist.gov

movable type

cross-site scripting

remote attacker

arbitrary script

vulnerability

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.1%

JSON

Cross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to inject an arbitrary script. Affected products/versions are as follows: Movable Type 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Premium 1.58 and earlier, Movable Type Premium Advanced 1.58 and earlier, Movable Type Cloud Edition (Version 7) r.5405 and earlier, and Movable Type Premium Cloud Edition 1.58 and earlier.

Affected configurations

NVD

Node

sixapartmovable_typeRange<7.902.0

Node

sixapartmovable_typeRange<7.902.0advanced

Node

sixapartmovable_typeRange<1.59premium

Node

sixapartmovable_typeRange<1.59premium_advanced

Node

sixapartmovable_typeRange<7.902.0aws

Node

sixapartmovable_typeRange<1.59advanced_aws

References

jvn.jp/en/jp/JVN39139884/

movabletype.org/news/2023/10/mt-79020-released.html

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.1%

JSON

Related for NVD:CVE-2023-45746

cve1 prion1 cvelist1 jvn1