2 matches found
CVE-2007-3342
Multiple cross-site scripting XSS vulnerabilities in Movable Type MT before 3.34 allow remote attackers to inject arbitrary web script or HTML via comments that have 1 a malformed SGML numeric character reference with a '\0' 0x00 character in a javascript: URI or 2 an attribute in an element that...
CVE-2007-3342
CVE-2007-3342 documents multiple XSS flaws in Movable Type (MT) prior to version 3.34. Attack vectors include (1) a malformed SGML numeric character reference with a null byte in a javascript: URI and (2) an element attribute missing the closing '>' in the start tag. The vulnerability allows r...