Vulnerabilities > SIX Apart > Movable Type > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-09-28 | CVE-2005-3103 | Cross-Site Scripting vulnerability in SIX Apart Movable Type 3.16 Cross-site scripting (XSS) vulnerability in Movable Type before 3.2 allows remote attackers to inject arbitrary web script or HTML via the (1) title, (2) category, (3) body, (4) extended body, and (5) excerpt form fields in new blog entries. network six-apart | 4.3 |
| 2005-09-28 | CVE-2005-3102 | The administrative interface in Movable Type allows attackers to upload files with arbitrary extensions under the web root. | 5.0 |
| 2005-09-28 | CVE-2005-3101 | Information Disclosure vulnerability in SIX Apart Movable Type 3.17 The password reset feature in Movable Type before 3.2 generates different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames. | 5.0 |
| 2003-06-16 | CVE-2003-0287 | Unspecified vulnerability in SIX Apart Movable Type 2.63 Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, and possibly other versions including 2.63, allows remote attackers to insert arbitrary web script or HTML via the Name textbox, possibly when the "Allow HTML in comments?" option is enabled. network six-apart | 6.8 |