3 matches found
CVE-2009-2480
Cross-site scripting XSS vulnerability in mt-wizard.cgi in Six Apart Movable Type 4.24, and 4.25 when global templates are not initialized, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2009-2480
CVE-2009-2480 is an XSS in Movable Type’s mt-wizard.cgi affecting versions 4.24 and 4.25 when global templates are not initialized. The vulnerability arises from unsanitized input in the set_static_uri_to parameter, enabling a remote attacker to inject arbitrary script or HTML. Nessus NASL notes ...
Movable Type mt-wizard.cgi set_static_uri_to Parameter XSS
The version of Movable Type running on the remote host has a cross- site scripting vulnerability in 'mt-wizard.cgi'. Input to the 'setstaticurito' parameter is not sanitized. A remote attacker could exploit this by tricking a user into submitting a specially crafted POST request, which would...