Vulnerabilities > Sixapart > Movable Type > 4.381
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-30 | CVE-2023-45746 | Cross-site Scripting vulnerability in Sixapart Movable Type Cross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to inject an arbitrary script. | 5.4 |
2021-10-26 | CVE-2021-20837 | OS Command Injection vulnerability in Sixapart Movable Type Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8.2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. | 7.5 |
2018-09-04 | CVE-2018-0672 | Cross-site Scripting vulnerability in Sixapart Movable Type Cross-site scripting vulnerability in Movable Type versions prior to Ver. | 4.3 |
2015-03-27 | CVE-2013-2184 | Code vulnerability in Sixapart Movable Type Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter. | 7.5 |
2014-12-16 | CVE-2014-9057 | SQL Injection vulnerability in multiple products SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |