Vulnerabilities > Sixapart

DATE CVE VULNERABILITY TITLE RISK
2023-10-30 CVE-2023-45746 Cross-site Scripting vulnerability in Sixapart Movable Type
Cross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to inject an arbitrary script.
network
low complexity
sixapart CWE-79
5.4
2022-12-07 CVE-2022-43660 Code Injection vulnerability in Sixapart Movable Type
Improper neutralization of Server-Side Includes (SSW) within a web page in Movable Type series allows a remote authenticated attacker with Privilege of 'Manage of Content Types' may execute an arbitrary Perl script and/or an arbitrary OS command.
network
low complexity
sixapart CWE-94
7.2
2022-12-07 CVE-2022-45113 Improper Input Validation vulnerability in Sixapart Movable Type
Improper validation of syntactic correctness of input vulnerability exist in Movable Type series.
network
low complexity
sixapart CWE-20
6.5
2022-12-07 CVE-2022-45122 Cross-site Scripting vulnerability in Sixapart Movable Type
Cross-site scripting vulnerability in Movable Type Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.
network
low complexity
sixapart CWE-79
6.1
2022-08-24 CVE-2022-38078 Code Injection vulnerability in Sixapart Movable Type
Movable Type XMLRPC API provided by Six Apart Ltd.
network
low complexity
sixapart CWE-94
critical
9.8
2021-10-26 CVE-2020-5669 Cross-site Scripting vulnerability in Sixapart Movable Type
Cross-site scripting vulnerability in Movable Type Movable Type Premium 1.37 and earlier and Movable Type Premium Advanced 1.37 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
network
low complexity
sixapart CWE-79
5.4
2021-10-26 CVE-2021-20837 OS Command Injection vulnerability in Sixapart Movable Type
Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8.2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors.
network
low complexity
sixapart CWE-78
critical
9.8
2021-08-26 CVE-2021-20808 Cross-site Scripting vulnerability in Sixapart Movable Type
Cross-site scripting vulnerability in Search screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
network
low complexity
sixapart CWE-79
6.1
2021-08-26 CVE-2021-20809 Cross-site Scripting vulnerability in Sixapart Movable Type
Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
network
low complexity
sixapart CWE-79
6.1
2021-08-26 CVE-2021-20810 Cross-site Scripting vulnerability in Sixapart Movable Type
Cross-site scripting vulnerability in Website Management screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
network
low complexity
sixapart CWE-79
6.1