Vulnerabilities > Sixapart

DATE CVE VULNERABILITY TITLE RISK
2023-10-30 CVE-2023-45746 Cross-site Scripting vulnerability in Sixapart Movable Type
Cross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to inject an arbitrary script.
network
low complexity
sixapart CWE-79
5.4
2022-12-07 CVE-2022-43660 Code Injection vulnerability in Sixapart Movable Type
Improper neutralization of Server-Side Includes (SSW) within a web page in Movable Type series allows a remote authenticated attacker with Privilege of 'Manage of Content Types' may execute an arbitrary Perl script and/or an arbitrary OS command.
network
low complexity
sixapart CWE-94
7.2
2022-12-07 CVE-2022-45113 Improper Input Validation vulnerability in Sixapart Movable Type
Improper validation of syntactic correctness of input vulnerability exist in Movable Type series.
network
low complexity
sixapart CWE-20
6.5
2022-12-07 CVE-2022-45122 Cross-site Scripting vulnerability in Sixapart Movable Type
Cross-site scripting vulnerability in Movable Type Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.
network
low complexity
sixapart CWE-79
6.1
2022-08-24 CVE-2022-38078 Code Injection vulnerability in Sixapart Movable Type
Movable Type XMLRPC API provided by Six Apart Ltd.
network
low complexity
sixapart CWE-94
critical
9.8
2021-10-26 CVE-2020-5669 Cross-site Scripting vulnerability in Sixapart Movable Type
Cross-site scripting vulnerability in Movable Type Movable Type Premium 1.37 and earlier and Movable Type Premium Advanced 1.37 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
network
sixapart CWE-79
3.5
2021-10-26 CVE-2021-20837 OS Command Injection vulnerability in Sixapart Movable Type
Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8.2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors.
network
low complexity
sixapart CWE-78
7.5
2021-08-26 CVE-2021-20808 Cross-site Scripting vulnerability in Sixapart Movable Type
Cross-site scripting vulnerability in Search screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
network
sixapart CWE-79
4.3
2021-08-26 CVE-2021-20809 Cross-site Scripting vulnerability in Sixapart Movable Type
Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
network
sixapart CWE-79
4.3
2021-08-26 CVE-2021-20810 Cross-site Scripting vulnerability in Sixapart Movable Type
Cross-site scripting vulnerability in Website Management screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
network
sixapart CWE-79
4.3