Published:2006/09/26 Last Updated:2008/05/21
JVN#68295640
Movable Type vulnerabile to cross-site scripting
Overview
Movable Type, a web log system from Six Apart, contains a cross-site scripting vulnerability in its search module.
Products Affected
- Movable Type 3.3, 3.31, 3.32
- Movable Type Enterprise 1.01, 1.02
Description
Impact
An arbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, session hijacking could be conducted.
Solution
References
JPCERT/CC Addendum
Credit
Mikiya Arai of Secure Sky Technology, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | |
| JVN iPedia |
JVNDB-2006-000653 |