JVN#45405689
Multiple vulnerabilities in Movable Type
Overview
Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities.
Products Affected
Movable Type Software Edition
- Movable Type / Movable Type Advanced
- 9.0.4 to 9.0.5 (9.0 series)
- 8.8.0 to 8.8.1 (8.8 series)
- 8.0.2 to 8.0.8 (8.0 series)
- Movable Type Premium / Movable Type Premium (Advanced Edition)
- 9.0.4 (MTP 9.0 series)
- 2.13 and earlier (MTP 2 series)
Movable Type Cloud Edition
- Movable Type
- 9.0.5 (9 series)
- 8.8.1 (8 series)
- Movable Type Premium
- 9.0.5 (9 series)
- 2.12 (MTP 2 series)
Description
Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below.
- Stored cross-site scripting vulnerability in Edit Comment (CWE-79)
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Base Score 4.8
- CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4
- CVE-2026-21393
- Stored cross-site scripting vulnerability in Export Sites (CWE-79)
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Base Score 4.8
- CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4
- CVE-2026-22875
- Unrestricted upload of file with dangerous type (CWE-434)
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L Base Score 5.1
- CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L Base Score 6.5
- CVE-2026-23704
- Improper neutralization of formula elements in a CSV file (CWE-1236)
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L Base Score 4.8
- CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L Base Score 6.5
- CVE-2026-24447
Impact
- An arbitrary script may be executed on a logged-in user's web browser (CVE-2026-21393, CVE-2026-22875)
- If an administrator of the product accesses a malicious file uploaded by a product user, an arbitrary script may be executed on the administrator's browser (CVE-2026-23704)
- If a malformed data is input to the affected product, a victim user may download a CSV file containing such malformed data, and the embedded code may be executed when the CSV file is opened in the user's environment (CVE-2026-24447)
Solution
Update the Software
Update the affected product to the latest version according to the information provided by the developer.
The developer has released the following updates that contain fixes for these vulnerabilities.
Movable Type Software Edition
- Movable Type / Movable Type Advanced
- 9.0.6 (9.0 series)
- 8.8.2 (8.8 series)
- 8.0.9 (8.0 series)
- Movable Type Premium / Movable Type Premium (Advanced Edition)
- 9.1.0 (MTP 9.0 series)
- 2.14 (MTP 2 series)
- Movable Type
- 9.1.0 (9.0 series)
- 8.8.2 (8.8 series)
- Movable Type Premium
- 9.1.0 (9.0 series)
- 2.14 (MTP 2 series)
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| Six Apart Ltd. | Vulnerable | 2026/02/04 | Six Apart Ltd. website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
CVE-2026-21393, CVE-2026-22875
Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA.
CVE-2026-23704, CVE-2026-24447
Six Apart Ltd. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2026-21393 |
|
CVE-2026-22875 |
|
|
CVE-2026-23704 |
|
|
CVE-2026-24447 |
|
| JVN iPedia |
JVNDB-2026-000020 |