Vulnerabilities > Sixapart

DATE CVE VULNERABILITY TITLE RISK
2019-12-26 CVE-2019-6025 Open Redirect vulnerability in Sixapart Movable Type
Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.
network
low complexity
sixapart CWE-601
6.1
2018-09-04 CVE-2018-0672 Cross-site Scripting vulnerability in Sixapart Movable Type
Cross-site scripting vulnerability in Movable Type versions prior to Ver.
network
low complexity
sixapart CWE-79
6.1
2017-01-23 CVE-2016-5742 SQL Injection vulnerability in Sixapart Movable Type and Movable Type Open Source
SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
sixapart CWE-89
critical
9.8