cvelistv5 - CVE-2009-2492

CVE-2009-2492

Vulnerability from cvelistv5

Published

2009-07-17 16:00

Modified

2024-08-07 05:52

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480.

References

URL	Tags
cve@mitre.org	http://jvn.jp/en/jp/JVN86472161/index.html
cve@mitre.org	http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000042.html	Patch
cve@mitre.org	http://secunia.com/advisories/35534	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/35885
cve@mitre.org	http://www.vupen.com/english/advisories/2009/1668	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN86472161/index.html
af854a3a-2127-422b-91ae-364da2661108	http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000042.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35534	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/35885
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1668	Patch, Vendor Advisory

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:52:14.767Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVNDB-2009-000042",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000042.html"
          },
          {
            "name": "35885",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35885"
          },
          {
            "name": "JVN#86472161",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN86472161/index.html"
          },
          {
            "name": "35534",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35534"
          },
          {
            "name": "ADV-2009-1668",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1668"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-06-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-08-07T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "JVNDB-2009-000042",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000042.html"
        },
        {
          "name": "35885",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35885"
        },
        {
          "name": "JVN#86472161",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN86472161/index.html"
        },
        {
          "name": "35534",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35534"
        },
        {
          "name": "ADV-2009-1668",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1668"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2492",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVNDB-2009-000042",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000042.html"
            },
            {
              "name": "35885",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35885"
            },
            {
              "name": "JVN#86472161",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN86472161/index.html"
            },
            {
              "name": "35534",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35534"
            },
            {
              "name": "ADV-2009-1668",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1668"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2492",
    "datePublished": "2009-07-17T16:00:00",
    "dateReserved": "2009-07-17T00:00:00",
    "dateUpdated": "2024-08-07T05:52:14.767Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-2492\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-07-17T16:30:00.983\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en mt-wizard.cgi en Six Apart Movable Type anteriores a v4.261, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no espec\u00edficos, es una vulnerabilidad distinta a CVE-2009-2480.\\r\\n\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:N/I:P/A:N\",\"baseScore\":2.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:six_apart:movable_type:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.25\",\"matchCriteriaId\":\"0641196B-87D2-40D3-B826-C04549BB6B8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:six_apart:movable_type:1.54:*:enterprise:*:*:*:*:*\",\"matchCriteriaId\":\"56106A34-006E-4B73-B6C6-3F36E9C2A355\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:six_apart:movable_type:2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1731B0E-71C0-4650-BFBF-1FB3865EAE76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:six_apart:movable_type:2.63:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C057E938-243B-4BEE-BF38-F3334A2B9275\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:six_apart:movable_type:3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE37614D-A959-4B4A-BF2E-9F3C1072BA20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:six_apart:movable_type:3.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C1542C3-E6CD-4CF6-9F1D-E8E58F2A11E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:six_apart:movable_type:3.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47F63E3A-019C-431C-A155-1CD6E42FA485\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:six_apart:movable_type:3.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13132B94-C271-46F7-9450-FBA1FCBB914E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:six_apart:movable_type:3.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B584BED2-F630-4A5B-8FE9-29BBE9517214\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:six_apart:movable_type:3.36:*:enterprise:*:*:*:*:*\",\"matchCriteriaId\":\"14FCDA0F-2562-4B58-BF3A-F908AFABC557\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:six_apart:movable_type:4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D62FC8B9-3B6A-46C6-94CD-E35941BB64C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:six_apart:movable_type:4:*:community_solution:*:*:*:*:*\",\"matchCriteriaId\":\"414CB64F-4460-4819-A1B9-673550080C4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:six_apart:movable_type:4:*:enterprise:*:*:*:*:*\",\"matchCriteriaId\":\"1841D3B7-8F8A-4FE2-B9C2-47FCFF5984AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:six_apart:movable_type:4:*:open_source:*:*:*:*:*\",\"matchCriteriaId\":\"73406BA8-4FE0-44D0-90EF-0084881D706D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:six_apart:movable_type:4.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C55BC3C3-83AB-452C-AC2D-A53B3E0C3473\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:six_apart:movable_type:4.20:*:community_solution:*:*:*:*:*\",\"matchCriteriaId\":\"C4EFB50C-CC9C-46EC-92C3-A581684354E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:six_apart:movable_type:4.20:*:enterprise:*:*:*:*:*\",\"matchCriteriaId\":\"E7FEAC67-FA0C-49AE-9AEB-B1E68FB54C8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:six_apart:movable_type:4.20:*:open_source:*:*:*:*:*\",\"matchCriteriaId\":\"321A94B3-CDAC-4793-9660-CDCDC614EBAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:six_apart_ltd:movable_type:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F52B477-8052-432E-A382-2181BF337321\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:six_apart_ltd:movable_type:3.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C580448-40D1-4C92-9301-861E4346DB65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:1.00:*:enterprise:*:*:*:*:*\",\"matchCriteriaId\":\"B1A33E50-6BFD-418F-9F3E-B42C013AA0F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:1.1:*:enterprise:*:*:*:*:*\",\"matchCriteriaId\":\"DC0F1B54-554E-45C7-8943-A73086C88385\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:1.2:*:enterprise:*:*:*:*:*\",\"matchCriteriaId\":\"A56CDA00-DC8E-4042-A882-FB6D7D2F43B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:1.3:*:enterprise:*:*:*:*:*\",\"matchCriteriaId\":\"1C8F4F3A-9942-4263-BC42-CDCDACDFF2E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:1.4:*:enterprise:*:*:*:*:*\",\"matchCriteriaId\":\"38626110-81A0-4C99-AB8F-D77FDF662887\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:1.5:*:enterprise:*:*:*:*:*\",\"matchCriteriaId\":\"5212ADBE-9F50-4EAB-AC28-91314AA24595\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:1.31:*:enterprise:*:*:*:*:*\",\"matchCriteriaId\":\"3542C36E-E457-46DD-A5F7-BD22E16F1C46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:3.0d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"461319CC-BCDC-4E24-B384-1EEC8B7C4596\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"967DAF27-D561-4FDB-A65C-788551871E5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:3.01d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD460D1D-5971-491E-863A-D230A0B28ED4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BC178AF-FAF7-49E2-8AE7-1858BD67F44B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CEA1C54-4636-44B1-B620-85F0D870797E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:3.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1819A7A1-366A-4168-AE0E-4CE1FF0D3E3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:3.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9F743E8-72E9-4AEB-B137-A61EB67B8FF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:3.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE92182C-5BBE-4FCD-959B-E95630D16E17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:3.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99E9BE91-D42E-4523-A48E-E7B4FBE7A924\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:3.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C5935CA-FDE2-4300-8091-DBD0DC4D2081\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:3.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF080128-CC7C-4F71-9268-B7691D54F358\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:3.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4783C1BD-B2BA-4D86-A61D-3EB2396DE1D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:3.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50782308-93FA-4F8F-93FB-4A4E55D95360\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:3.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5C968A9-F07A-4C99-B4A5-434E96DDB928\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:3.35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9CD9174-EE47-40B8-8F49-81EAD89267D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:4.0:-:community_solution:*:*:*:*:*\",\"matchCriteriaId\":\"B4FEB07E-4D70-4A24-822E-E4689CB8C9CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:4.0:-:pro:*:*:*:*:*\",\"matchCriteriaId\":\"59457028-2EA4-472F-A76F-EF867F48937F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:4.01:-:community_solution:*:*:*:*:*\",\"matchCriteriaId\":\"ABE24C88-6062-4A36-9852-D9EC818EEA0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:4.1:-:community_solution:*:*:*:*:*\",\"matchCriteriaId\":\"11C793FA-AE7C-430F-B537-19B788D9BC6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:4.1:-:pro:*:*:*:*:*\",\"matchCriteriaId\":\"F80A607A-66A8-4995-A396-5487B8E3029C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:4.01:-:pro:*:*:*:*:*\",\"matchCriteriaId\":\"C3C21088-A9A5-4CE2-B4D7-8BC48DB84540\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:4.01:b:community_solution:*:*:*:*:*\",\"matchCriteriaId\":\"C1DCAD70-9FFF-4950-875D-586937E93473\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:4.01:b:pro:*:*:*:*:*\",\"matchCriteriaId\":\"395B9CE4-EA3A-42A1-AD37-6487911E10D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56195FCE-D933-40C6-A6A3-6AC8CFECA5DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:4.2:-:community_solution:*:*:*:*:*\",\"matchCriteriaId\":\"448081A9-A8C9-4FEC-879B-7FA11997B4D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:4.2:-:pro:*:*:*:*:*\",\"matchCriteriaId\":\"E7538776-B7B2-4912-BFE3-E7A1033F41E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:4.12:-:community_solution:*:*:*:*:*\",\"matchCriteriaId\":\"F33F4F69-D670-4698-84C6-EDD9D78F2D9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:4.12:-:pro:*:*:*:*:*\",\"matchCriteriaId\":\"1E481C6C-F6EF-4E7D-8DAF-F68407DE6501\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:4.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AD39A71-0B61-4319-BEE1-12CAD4B095A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:4.21:-:community_solution:*:*:*:*:*\",\"matchCriteriaId\":\"23B5D056-BC56-4851-8E76-7E22C911EEFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:4.21:-:pro:*:*:*:*:*\",\"matchCriteriaId\":\"CA9BC769-BE45-42EC-8E35-02E6B216D6E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:4.23:-:community_solution:*:*:*:*:*\",\"matchCriteriaId\":\"9A1B400B-FEC9-416B-89F2-C96B1BE11BF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sixapart:movable_type:4.23:-:pro:*:*:*:*:*\",\"matchCriteriaId\":\"1458F0E9-6AF1-44C6-B0EC-7BCF314B0038\"}]}]}],\"references\":[{\"url\":\"http://jvn.jp/en/jp/JVN86472161/index.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000042.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://secunia.com/advisories/35534\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/35885\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/1668\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://jvn.jp/en/jp/JVN86472161/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000042.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://secunia.com/advisories/35534\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/35885\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/1668\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

gsd-2009-2492

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2009-2492

Aliases

CVE-2009-2492

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-2492",
    "description": "Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480.",
    "id": "GSD-2009-2492"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-2492"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480.",
      "id": "GSD-2009-2492",
      "modified": "2023-12-13T01:19:46.221983Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-2492",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "JVNDB-2009-000042",
            "refsource": "JVNDB",
            "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000042.html"
          },
          {
            "name": "35885",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/35885"
          },
          {
            "name": "JVN#86472161",
            "refsource": "JVN",
            "url": "http://jvn.jp/en/jp/JVN86472161/index.html"
          },
          {
            "name": "35534",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35534"
          },
          {
            "name": "ADV-2009-1668",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/1668"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:4.2:-:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:4.2:-:community_solution:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:4.01:b:community_solution:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:4.01:-:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:3.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:1.1:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:1.00:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:six_apart:movable_type:3.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:six_apart:movable_type:3.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:six_apart:movable_type:4.20:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:six_apart:movable_type:4.20:*:open_source:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:4.23:-:community_solution:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:4.21:-:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:4.12:-:community_solution:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:4.1:-:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:4.0:-:community_solution:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:3.35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:3.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:3.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:1.4:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:1.31:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:six_apart:movable_type:4.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:six_apart:movable_type:4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:six_apart:movable_type:3.33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:six_apart:movable_type:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.25",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:six_apart:movable_type:1.54:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:six_apart:movable_type:4:*:open_source:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:4.23:-:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:4.21:-:community_solution:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:4.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:4.1:-:community_solution:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:4.01:b:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:3.34:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:3.33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:3.32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:3.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:3.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:1.3:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:1.2:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:six_apart:movable_type:3.32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:six_apart:movable_type:3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:six_apart:movable_type:3.36:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:six_apart:movable_type:4.20:*:community_solution:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:4.12:-:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:4.01:-:community_solution:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:4.0:-:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:3.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:3.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:3.01d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sixapart:movable_type:1.5:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:six_apart_ltd:movable_type:3.33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:six_apart_ltd:movable_type:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:six_apart:movable_type:2.63:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:six_apart:movable_type:2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:six_apart:movable_type:4:*:community_solution:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:six_apart:movable_type:4:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2492"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#86472161",
              "refsource": "JVN",
              "tags": [],
              "url": "http://jvn.jp/en/jp/JVN86472161/index.html"
            },
            {
              "name": "JVNDB-2009-000042",
              "refsource": "JVNDB",
              "tags": [
                "Patch"
              ],
              "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000042.html"
            },
            {
              "name": "ADV-2009-1668",
              "refsource": "VUPEN",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1668"
            },
            {
              "name": "35534",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/35534"
            },
            {
              "name": "35885",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/35885"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2009-08-07T05:22Z",
      "publishedDate": "2009-07-17T16:30Z"
    }
  }
}

CVE-2009-2492

Vulnerability from jvndb

Published

2009-07-01 17:53

Modified

2009-07-01 17:53

Severity ?

() - -

Summary

Movable Type cross-site scripting vulnerability

Details

Movable Type contains a cross-site scripting vulnerability. Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is a different vulnerability than past reports on JVN. A successful attack requires mt-wizard.cgi not to be deleted after initial setup. For more information, refer to the developer's website. Masashi Shiraishi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

▼	Type	URL
	JVN	http://jvn.jp/en/jp/JVN86472161/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2492
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2492
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Six Apart, Ltd.	Movable Type

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000042.html",
  "dc:date": "2009-07-01T17:53+09:00",
  "dcterms:issued": "2009-07-01T17:53+09:00",
  "dcterms:modified": "2009-07-01T17:53+09:00",
  "description": "Movable Type contains a cross-site scripting vulnerability.\r\n\r\nMovable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability.\r\nThis vulnerability is a different vulnerability than past reports on JVN.\r\n\r\nA successful attack requires mt-wizard.cgi not to be deleted after initial setup. For more information, refer to the developer\u0027s website.\r\n\r\nMasashi Shiraishi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000042.html",
  "sec:cpe": {
    "#text": "cpe:/a:sixapart:movable_type",
    "@product": "Movable Type",
    "@vendor": "Six Apart, Ltd.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2009-000042",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN86472161/index.html",
      "@id": "JVN#86472161",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2492",
      "@id": "CVE-2009-2492",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2492",
      "@id": "CVE-2009-2492",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Movable Type cross-site scripting vulnerability"
}

ghsa-cvj4-9f98-hhj7

Vulnerability from github

Published

2022-05-02 03:35

Modified

2022-05-02 03:35

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-2492"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-07-17T16:30:00Z",
    "severity": "LOW"
  },
  "details": "Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480.",
  "id": "GHSA-cvj4-9f98-hhj7",
  "modified": "2022-05-02T03:35:48Z",
  "published": "2022-05-02T03:35:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2492"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN86472161/index.html"
    },
    {
      "type": "WEB",
      "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000042.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35534"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/35885"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1668"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Action not permitted

CVE-2009-2492

Vulnerability from cvelistv5

gsd-2009-2492

Vulnerability from gsd

CVE-2009-2492

Vulnerability from jvndb

ghsa-cvj4-9f98-hhj7

Vulnerability from github

Tags