Vulnerabilities > SIX Apart > Low

DATE CVE VULNERABILITY TITLE RISK
2009-07-17 CVE-2009-2492 Cross-Site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480.
network
high complexity
six-apart six-apart-ltd sixapart CWE-79
2.6
2008-10-21 CVE-2008-4634 Cross-Site Scripting vulnerability in SIX Apart Movable Type 4/4.20
Cross-site scripting (XSS) vulnerability in Movable Type 4 through 4.21 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the administrative page, a different vulnerability than CVE-2008-4079.
network
six-apart CWE-79
3.5
2005-12-31 CVE-2005-4690 Unspecified vulnerability in SIX Apart Movable Type 3.16
Six Apart Movable Type 3.16 allows local users with blog-creation privileges to create or overwrite arbitrary files of certain types (such as HTML and image files) by selecting an arbitrary directory as a blog's top-level directory.
local
low complexity
six-apart
2.1
2005-09-28 CVE-2005-3104 Remote Security vulnerability in SIX Apart Movable Type 3.16
mt-comments.cgi in Movable Type before 3.2 allows attackers to redirect users to other web sites via URLs in comments.
network
high complexity
six-apart
2.6