Cross-Site Scripting in Movable Type Affects Multiple Versions
CVE-2022-45122

6.1MEDIUM

Key Information:

Vendor: Six Apart Ltd.
Status: Movable Type
Vendor: CVE Published:; 7 December 2022

Summary

A Cross-Site Scripting (XSS) vulnerability exists in multiple versions of Movable Type, allowing remote unauthenticated attackers to inject arbitrary scripts. This can lead to potential unauthorized access and data manipulation, presenting significant security risks to users and their data integrity. It is crucial for impacted users to apply updates and mitigate the effects of this vulnerability.

Affected Version(s)

Movable Type Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier

References

https://movabletype.org/news/2022/11/mt-796-688-released....

https://jvn.jp/en/jp/JVN37014768/index.html

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 7, 2022
Vulnerability Reserved
Nov 15, 2022