CVE-2009-2492

Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
VendorProductVersion
six_apartmovable_type
𝑥
≤ 4.25
six_apartmovable_type
1.54
six_apartmovable_type
2.6
six_apartmovable_type
2.63
six_apartmovable_type
3.3
six_apartmovable_type
3.16
six_apartmovable_type
3.17
six_apartmovable_type
3.32
six_apartmovable_type
3.33
six_apartmovable_type
3.36
six_apartmovable_type
4.20
six_apartmovable_type
4.20
six_apartmovable_type
4.20
six_apartmovable_type
4.20
six_apart_ltdmovable_type
*
six_apart_ltdmovable_type
3.33
sixapartmovable_type
1.00
sixapartmovable_type
1.1
sixapartmovable_type
1.2
sixapartmovable_type
1.3
sixapartmovable_type
1.4
sixapartmovable_type
1.5
sixapartmovable_type
1.31
sixapartmovable_type
3.0d:d
sixapartmovable_type
3.1
sixapartmovable_type
3.01d:d
sixapartmovable_type
3.2
sixapartmovable_type
3.3
sixapartmovable_type
3.11
sixapartmovable_type
3.12
sixapartmovable_type
3.14
sixapartmovable_type
3.15
sixapartmovable_type
3.16
sixapartmovable_type
3.17
sixapartmovable_type
3.32
sixapartmovable_type
3.33
sixapartmovable_type
3.34
sixapartmovable_type
3.35
sixapartmovable_type
4.0
sixapartmovable_type
4.0
sixapartmovable_type
4.01
sixapartmovable_type
4.1
sixapartmovable_type
4.1
sixapartmovable_type
4.01
sixapartmovable_type
4.01:b
sixapartmovable_type
4.01:b
sixapartmovable_type
4.2
sixapartmovable_type
4.2
sixapartmovable_type
4.2
sixapartmovable_type
4.12
sixapartmovable_type
4.12
sixapartmovable_type
4.21
sixapartmovable_type
4.21
sixapartmovable_type
4.21
sixapartmovable_type
4.23
sixapartmovable_type
4.23
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
movabletype-opensource
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
ignored
jaunty
ignored
intrepid
ignored
hardy
dne
dapper
dne
Common Weakness Enumeration
References
http://jvn.jp/en/jp/JVN86472161/index.html
http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000042.html
http://secunia.com/advisories/35534
http://www.securityfocus.com/bid/35885
http://www.vupen.com/english/advisories/2009/1668
http://jvn.jp/en/jp/JVN86472161/index.html
http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000042.html
http://secunia.com/advisories/35534
http://www.securityfocus.com/bid/35885
http://www.vupen.com/english/advisories/2009/1668