CVE-2022-38972

Summary

Cross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 (for Movable Type 7 Series) and versions prior to 3.9.1 (for Movable Type 6 Series) allows a remote unauthenticated attacker to inject an arbitrary script.

Affected Software

VendorProductVersion RangeStatus
ARK-Web co., ltd.A-Formversions prior to 4.1.1 (for Movable Type 7 Series) and versions prior to 3.9.1 (for Movable Type 6 Series)affected

Weaknesses

  • Cross-site scripting

ADP Enrichment

CVE Program Container

Additional References

References