CVE-2008-5845

Multiple cross-site scripting (XSS) vulnerabilities in Six Apart Movable Type (MT) before 4.23 allow remote attackers to inject arbitrary web script or HTML via a (1) MTEntryAuthorUsername, (2) MTAuthorDisplayName, (3) MTEntryAuthorDisplayName, or (4) MTCommenterName field in a Profile View template; a (5) listing screen or (6) edit screen in the CMS app; (7) a TrackBack title, related to the HTML sanitization library; or (8) a user archive name (aka archive title) on a published Community Blog template.
Cross-site Scripting
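
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 4.3 UNKNOWN | NETWORK | MEDIUM | | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| mitre | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |
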
EPSS Score Percentile: 48%

| Vendor | Product | Version |
|---|---|---|
| sixapart | movable_type | 𝑥 ≤ 4.21 |
| sixapart | movable_type | 3.0d:d |
| sixapart | movable_type | 3.1 |
| sixapart | movable_type | 3.01d:d |
| sixapart | movable_type | 3.2 |
| sixapart | movable_type | 3.3 |
| sixapart | movable_type | 3.11 |
| sixapart | movable_type | 3.12 |
| sixapart | movable_type | 3.14 |
| sixapart | movable_type | 3.15 |
| sixapart | movable_type | 3.16 |
| sixapart | movable_type | 3.17 |
| sixapart | movable_type | 3.32 |
| sixapart | movable_type | 3.33 |
| sixapart | movable_type | 3.34 |
| sixapart | movable_type | 3.35 |
| sixapart | movable_type | 4.2 |

𝑥 = Vulnerable software versions

Ubuntu Releases
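
| Ubuntu Product | Codename | Status |
|---|---|---|
| movabletype-opensource | karmic | not-affected |
| movabletype-opensource | jaunty | not-affected |
| movabletype-opensource | intrepid | ignored |
| movabletype-opensource | hardy | dne |
| movabletype-opensource | gutsy | dne |
| movabletype-opensource | dapper | dne |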