Published: 2008/10/17  Last Updated: 2011/05/23

JVN#81490697
Movable Type cross-site scripting vulnerability

Overview

Movable Type contains a cross-site scripting vulnerability.

Products Affected

  • Movable Type 4 (version 4.22 and earlier)
  • Movable Type Enterprise 4 (version 4.22 and earlier)
  • Movable Type Community Solution 4 (version 4.22 and earlier)
  • Movable Type 4 (Open Source) (version 4.22 and earlier)
  • Movable Type 3 (version 3.37 and earlier)
  • Movable Type Enterprise 1.5 (version 1.55 and earlier)

  • For more information, refer to the vendor's website.

Description

Movable Type, a web log system from Six Apart KK, contains a vulnerability resulting from the improper handling of the management page that can lead to cross-site scripting.

This vulnerability is different from JVN#30385652.

Impact

An arbitrary script may be executed on the blog administrator's web browser.

Solution

Update the Software
Update to the latest version according to the information provided by the vendor.

Vendor Status

Vendor | Status | Last Update | Vendor Notes
Six Apart KK | vulnerable | 2011/05/20 | http://www.movabletype.org/2008/12/mt_423_is_now_out.html

References

JPCERT/CC Addendum

An updated version addressing this vulnerability was released on December 3, 2008.

Vulnerability Analysis by JPCERT/CC

Analyzed on 2008.10.17

Measures | Conditions | Severity
Access Required | can be attacked over the Internet using packets | High
Authentication | self-registration, perhaps valid e-mail | Mid-High
User Interaction Required | the user must be convinced to take a standard action that does not feel harmful to most users, such as click on a link or view a file | Mid
Exploit Complexity | the user must be convinced to take a difficult or suspicious action. If the honest user must have elevated privileges, they are likely to be more suspicious | High

Credit

Ryuji Sakai, Tomohito Yoshino and Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under the Information Security Early Warning Partnership.

Other Information

CVE CVE-2008-4634
JVN iPedia JVNDB-2008-000072

Update History

2008/12/03
Information under the sections Products Affected and JPCERT/CC Addendum was modified.
2011/05/23
Six Apart KK update status