Vulnerabilities > SIX Apart > Movable Type

DATE CVE VULNERABILITY TITLE RISK
2012-07-07 CVE-2012-2644 Cross-Site Scripting vulnerability in Hazama Mt4I
Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-2642.
4.3
2012-07-07 CVE-2012-2642 Cross-Site Scripting vulnerability in Hazama Mt4I
Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-2644.
4.3
2011-11-03 CVE-2011-2676 Improper Authentication vulnerability in Ark-Web products
The A-Form and A-Form bamboo before 1.3.6 and 2.x before 2.0.3, and A-Form PC and PC/Mobile before 3.1, plug-ins for Movable Type do not require administrative authentication, which allows remote authenticated users to modify data via unspecified vectors.
network
low complexity
ark-web six-apart CWE-287
5.5
2009-07-17 CVE-2009-2492 Cross-Site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480.
network
high complexity
six-apart six-apart-ltd sixapart CWE-79
2.6
2009-07-16 CVE-2009-2481 Improper Authentication vulnerability in multiple products
mt-wizard.cgi in Six Apart Movable Type before 4.261, when global templates are not initialized, allows remote attackers to bypass access restrictions and (1) send e-mail to arbitrary addresses or (2) obtain sensitive information via unspecified vectors.
5.8
2009-01-02 CVE-2008-5808 Cross-Site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in Six Apart Movable Type Enterprise (MTE) 1.x before 1.56; Movable Type (MT) 3.x before 3.38; and Movable Type, Movable Type Open Source (MTOS), and Movable Type Enterprise 4.x before 4.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to "application management."
4.3
2008-10-21 CVE-2008-4634 Cross-Site Scripting vulnerability in SIX Apart Movable Type 4/4.20
Cross-site scripting (XSS) vulnerability in Movable Type 4 through 4.21 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the administrative page, a different vulnerability than CVE-2008-4079.
network
six-apart CWE-79
3.5
2008-09-15 CVE-2008-4079 Cross-Site Scripting vulnerability in SIX Apart Movable Type
Cross-site scripting (XSS) vulnerability in Movable Type (MT) 4.x through 4.20, and 3.36 and earlier; Movable Type Enterprise 4.x through 4.20, and 1.54 and earlier; and Movable Type Community Solution allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
six-apart CWE-79
4.3
2007-06-21 CVE-2007-3342 Cross-Site Scripting vulnerability in Movable Type
Multiple cross-site scripting (XSS) vulnerabilities in Movable Type (MT) before 3.34 allow remote attackers to inject arbitrary web script or HTML via comments that have (1) a malformed SGML numeric character reference with a '\0' (0x00) character in a javascript: URI or (2) an attribute in an element that lacks the '>' character at the end of the start tag, a different vulnerability than CVE-2007-0231.
network
six-apart
4.3
2007-01-13 CVE-2007-0231 Cross-Site Scripting vulnerability in SIX Apart Movable Type 3.33
Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, when nofollow is disabled and unmoderated comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Comments field.
network
six-apart
6.8