Lucene search

19 matches found

RedhatCVE
added 2025/12/13 5:3 a.m. · 3 views

CVE-2025-61950

In GroupSession, a Circular notice can be created with its memo field non-editable, but the authorization check is improperly implemented. With some crafted request, a logged-in user may alter the memo field. The affected products and versions are GroupSession Free edition prior to ver5.3.0,...

5.3 CVSS · 6.8 AI score · 0.00029 EPSS
Exploits 0 · References 1
EUVD
added 2025/12/12 5:2 a.m. · 1 views

EUVD-2025-203019

SQL Injection vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If exploited, information stored in the database may be obtained or altered by an authenticated user...

5.4 CVSS · 6.9 AI score · 0.00019 EPSS
Exploits 0 · References 3
Positive Technologies
added 2025/12/12 12:0 a.m. · 3 views

PT-2025-50875

In GroupSession, a Circular notice can be created with its memo field non-editable, but the authorization check is improperly implemented. With some crafted request, a logged-in user may alter the memo field. The affected products and versions are GroupSession Free edition prior to ver5.3.0,...

5.3 CVSS · 6.8 AI score · 0.00029 EPSS
Exploits 0 · References 3
Positive Technologies
added 2025/12/12 12:0 a.m. · 2 views

PT-2025-50877

SQL Injection vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If exploited, information stored in the database may be obtained or altered by an authenticated user...

5.4 CVSS · 7.4 AI score · 0.00019 EPSS
Exploits 0 · References 3
Japan Vulnerability Notes
added 2025/10/22 4:54 a.m. · 5 views

Multiple stored cross-site scripting vulnerabilities in Movable Type

Overview Movable Type provided by Six Apart Ltd. contains multiple stored cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in Edit ContentData page CWE-79 - CVE-2025-54856 Stored cross-site scripting vulnerability in Edit CategorySet of ContentType page...

4.8 CVSS · 6.1 AI score · 0.00024 EPSS
Exploits 0 · References 6
Japan Vulnerability Notes
added 2025/08/20 6:30 a.m. · 3 views

Multiple vulnerabilities in Movable Type

Overview Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below. Use of less trusted source CWE-348 - CVE-2025-53522 Open redirect CWE-601 - CVE-2025-55706 Six Apart Ltd. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN...

6.9 CVSS · 7.4 AI score · 0.0005 EPSS
Exploits 0 · References 6
Japan Vulnerability Notes
added 2025/08/20 12:0 a.m. · 4 views

JVN#76729865: Multiple vulnerabilities in Movable Type

Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below. Use of less trusted source(CWE-348) CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 6.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score 5.3 CVE-2025-53522 Open...

6.9 CVSS · 7.8 AI score · 0.0005 EPSS
Exploits 0
OSV
added 2023/10/30 5:15 a.m. · 1 views

CVE-2023-45746

Cross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to inject an arbitrary script. Affected products/versions are as follows: Movable Type 7 r.5405 and earlier Movable Type 7 Series, Movable Type Advanced 7 r.5405 and earlier Movable Type 7 Series,...

5.4 CVSS · 5.9 AI score · 0.00109 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/10/30 12:0 a.m. · 3 views

PT-2023-29662 · Unknown · Movable Type Advanced +5

Name of the Vulnerable Software and Affected Versions: Movable Type versions 7 r.5405 and earlier Movable Type Advanced versions 7 r.5405 and earlier Movable Type Premium version 1.58 and earlier Movable Type Premium Advanced version 1.58 and earlier Movable Type Cloud Edition Version 7 versions...

5.4 CVSS · 6.1 AI score · 0.00109 EPSS
Exploits 0 · References 7
Japan Vulnerability Notes
added 2023/10/25 6:18 a.m. · 1 views

Movable Type vulnerable to cross-site scripting

Overview Movable Type provided by Six Apart Ltd. contains a cross-site scripting vulnerability CWE-79. Six Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning...

5.4 CVSS · 6.2 AI score · 0.00109 EPSS
Exploits 0 · References 6
CNNVD
added 2023/10/25 12:0 a.m. · 3 views

Six Apart Movable Type Security Vulnerability

Six Apart Movable Type is an application from Six Apart USA. It provides features including multiple users, comments, references TrackBack, themes, and more. A security vulnerability exists in Six Apart Movable Type, which stems from a cross-site scripting XSS vulnerability. Affected Products and...

5.4 CVSS · 6 AI score · 0.00109 EPSS
Exploits 0 · References 4
Packet Storm
added 2023/10/03 12:0 a.m. · 400 views

SAP Enable Now Manager 10.6.5 Build 2804 Cloud Edition CSRF / XSS / Redirect

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: SAP® Enable Now Manager vulnerable version: 10.6.5 Build 2804 Cloud Edition fixed version: May 2023 Release CVE number: N/A cloud impact...

7.1 AI score
Exploits 0
OSV
added 2021/08/05 9:15 p.m. · 12 views

CVE-2021-1630

XML external entity XXE vulnerability affecting certain versions of a Mule runtime component that may affect CloudHub, GovCloud, Runtime Fabric, Pivotal Cloud Foundry, Private Cloud Edition, and on-premise customers...

7.5 CVSS · 7.1 AI score
Exploits 0 · References 1
Prion
added 2021/08/05 9:15 p.m. · 11 views

Xxe

XML external entity XXE vulnerability affecting certain versions of a Mule runtime component that may affect CloudHub, GovCloud, Runtime Fabric, Pivotal Cloud Foundry, Private Cloud Edition, and on-premise customers...

5 CVSS · 7.5 AI score · 0.00417 EPSS
Exploits 0 · References 1 · Affected Software 1
CVE
added 2021/08/05 8:29 p.m. · 201 views

CVE-2021-1630

CVE-2021-1630 is an XML External Entity (XXE) vulnerability in a Mule runtime component affecting multiple deployment options (CloudHub, GovCloud, Runtime Fabric, Pivotal Cloud Foundry, Private Cloud Edition, and on‑premises). The connected data consistently describe XXE as the underlying flaw, b...

7.5 CVSS · 7.5 AI score · 0.00417 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2021/08/05 8:29 p.m. · 12 views

CVE-2021-1630

XML external entity XXE vulnerability affecting certain versions of a Mule runtime component that may affect CloudHub, GovCloud, Runtime Fabric, Pivotal Cloud Foundry, Private Cloud Edition, and on-premise customers...

7.7 AI score · 0.00417 EPSS
Exploits 0 · References 1
NVD
added 2019/08/01 8:15 p.m. · 11 views

CVE-2019-14260

On the Alcatel-Lucent Enterprise ALE 8008 Cloud Edition Deskphone VoIP phone with firmware 1.50.13, a command injection missing input validation issue in the password change field for the Change Password interface allows an authenticated remote attacker in the same network to trigger OS commands...

8 CVSS · 8.3 AI score · 0.02896 EPSS
Exploits 1 · References 1
CNVD
added 2019/08/01 12:0 a.m. · 1 views

Alcatel-Lucent Enterprise 8008 Cloud Edition Deskphone VoIP Command Injection Vulnerability

ALE 8008 Cloud Edition Deskphone VoIP is a cloud edition desktop IP phone from ALE France. A command injection vulnerability exists in the password change field of the password change screen in the Alcatel-Lucent Enterprise ALE 8008 Cloud Edition Deskphone VoIP with firmware version 1.50.13, whic...

8 CVSS · 7.9 AI score · 0.02896 EPSS
Exploits 1 · References 1
CNVD
added 2019/04/09 12:0 a.m. · 0 views

IBM InfoSphere Metadata Asset Manager and InfoSphere Information Server on Cloud SQL Injection Vulnerability

IBM InfoSphere Information Server is a set of data integration platforms from IBM in the United States. The platform can be used to integrate data information obtained from various sources. A SQL injection vulnerability exists in IBM InfoSphere Metadata Asset Manager and InfoSphere Information...

9.8 CVSS · 7.8 AI score · 0.00358 EPSS
Exploits 0 · References 1