CVE-2003-0287: XSS
First published: Wed May 14 2003(Updated: )
Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, and possibly other versions including 2.63, allows remote attackers to insert arbitrary web script or HTML via the Name textbox, possibly when the "Allow HTML in comments?" option is enabled.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Movable Type | <=2.6 | |
| Movable Type | =2.63 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2003-0287?
CVE-2003-0287 is classified as a medium severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2003-0287?
To fix CVE-2003-0287, upgrade Movable Type to version 2.63 or later, which includes a patch for this vulnerability.
What is the impact of CVE-2003-0287?
The impact of CVE-2003-0287 allows remote attackers to execute arbitrary web scripts or HTML in the context of users visiting the affected site.
Which versions of Movable Type are affected by CVE-2003-0287?
Movable Type versions prior to 2.6 and possibly 2.63 are affected by CVE-2003-0287.
How can I mitigate the risk of CVE-2003-0287?
Mitigating the risk of CVE-2003-0287 includes disabling HTML in comments and applying necessary software updates as recommended.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/references
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/six apart
- canonical/movable type
- version/movable type/2.6
- version/movable type/2.63