Published:2012/02/23 Last Updated:2012/02/23
JVN#49836527
Movable Type vulnerable to cross-site scripting
Overview
Movable Type contains a cross-site scripting vulnerability.
Products Affected
Version 5.12, 5.06, 4.37, 4.292 and earlier of the products listed below are vulnerable.
- Movable Type Open Source
- Movable Type (with Professional Pack, Community Pack)
- Movable Type Enterprise
- Movable Type Advanced
Description
mt-wizard.cgi and Movable Type templates contain a cross-site scripting vulnerability.
Impact
An arbitrary script may be executed on the user's web browser.
Solution
Update the software
Update to the latest version of each product according to the information provided by the developer.
Vendor Status
| Vendor | Link |
| Six Apart KK | Movable Type 5.13, 5.07, and 4.38 Release Notes |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2012-0318 |
| JVN iPedia |
JVNDB-2012-000016 |