CVE-2021-20665
N/A
N/A
Summary
Cross-site scripting vulnerability in in Add asset screen of Contents field of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Six Apart Ltd. | Movable Type | Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier | affected |
Weaknesses
- Cross-site scripting
ADP Enrichment
CVE Program Container
Additional References
- https://jvn.jp/en/jp/JVN66542874/index.html
- https://movabletype.org/news/2021/02/mt-760-676-released.html
References
- https://jvn.jp/en/jp/JVN66542874/index.html
- https://movabletype.org/news/2021/02/mt-760-676-released.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.