Vulnerabilities > Sixapart > Movable Type > 5.13
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-30 | CVE-2023-45746 | Cross-site Scripting vulnerability in Sixapart Movable Type Cross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to inject an arbitrary script. | 5.4 |
2021-10-26 | CVE-2021-20837 | OS Command Injection vulnerability in Sixapart Movable Type Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8.2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. | 7.5 |
2018-09-04 | CVE-2018-0672 | Cross-site Scripting vulnerability in Sixapart Movable Type Cross-site scripting vulnerability in Movable Type versions prior to Ver. | 4.3 |
2014-12-16 | CVE-2014-9057 | SQL Injection vulnerability in multiple products SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2014-08-29 | CVE-2012-1503 | Cross-Site Scripting vulnerability in Sixapart Movable Type 5.13 Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section. | 4.3 |