3 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Movable Type MT before 3.34 allow remote attackers to inject arbitrary web script or HTML via comments that have 1 a malformed SGML numeric character reference with a '\0' 0x00 character in a javascript: URI or 2 an attribute in an element that...
Cross site scripting
Cross-site scripting XSS vulnerability in Movable Type MT before 3.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the MTCommentPreviewIsStatic tag, which can open the "comment entry screen," a different vulnerability than CVE-2007-0231...
CVE-2007-0231
CVE-2007-0231 describes a cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33 where, if nofollow is disabled and unmoderated comments are enabled, a remote attacker can inject arbitrary web script or HTML via the Comments field. The vulnerability concerns Movable Type 3.33 and is t...