jvndb-2009-000020
Vulnerability from jvndb
Published
2009-04-28 16:18
Modified
2009-07-29 12:22
Summary
Movable Type cross-site scripting vulnerability
Details
Movable Type contains a cross-site scripting vulnerability.
Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability.
This vulnerability is a different vulnerability than past reports on JVN.
This vulnerability has been fixed and an updated version (Movable Type 4.25) was released on March 18, 2009.
Masashi Shiraishi reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
The following are also affected by this vulnerability when "global templates" are not initialized.
* Movable Type 4.25 (updated from Movable Type 4.24 (includes Professional and Community Packs))
* Movable Type 4.25 (updated from Movable Type 4.24 Enterprise)
For more information, refer to the vendor's website.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Six Apart, Ltd. | Movable Type |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000020.html",
"dc:date": "2009-07-29T12:22+09:00",
"dcterms:issued": "2009-04-28T16:18+09:00",
"dcterms:modified": "2009-07-29T12:22+09:00",
"description": "Movable Type contains a cross-site scripting vulnerability.\r\n\r\nMovable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability.\r\nThis vulnerability is a different vulnerability than past reports on JVN.\r\n\r\nThis vulnerability has been fixed and an updated version (Movable Type 4.25) was released on March 18, 2009.\r\n\r\nMasashi Shiraishi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.\r\n\r\nThe following are also affected by this vulnerability when \"global templates\" are not initialized.\r\n\r\n * Movable Type 4.25 (updated from Movable Type 4.24 (includes Professional and Community Packs))\r\n * Movable Type 4.25 (updated from Movable Type 4.24 Enterprise)\r\n\r\nFor more information, refer to the vendor\u0027s website.",
"link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000020.html",
"sec:cpe": {
"#text": "cpe:/a:sixapart:movable_type",
"@product": "Movable Type",
"@vendor": "Six Apart, Ltd.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2009-000020",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN97248625/index.html",
"@id": "JVN#97248625",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2480",
"@id": "CVE-2009-2480",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2480",
"@id": "CVE-2009-2480",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/35534",
"@id": "SA35534",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/35471",
"@id": "35471",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/51329",
"@id": "51329",
"@source": "XF"
},
{
"#text": "http://www.vupen.com/english/advisories/2009/1668",
"@id": "VUPEN/ADV-2009-1668",
"@source": "VUPEN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Movable Type cross-site scripting vulnerability"
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.