CVE-2025-25054
Movable Type (Six Apart) contains a Reflected Cross-Site Scripting vulnerability in the user information edit page that is triggered when the Multi-Factor authentication plugin is enabled and a logged-in user visits a crafted page. Exploitation could cause arbitrary script execution in the user’s...