CVE-2010-3921: XSS
First published: Thu Dec 09 2010(Updated: )
Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sixapart Movabletype | =4.33 | |
| Sixapart Movabletype | =4.34 | |
| Sixapart Movabletype | =4.0 | |
| Sixapart Movabletype | =4.1 | |
| Sixapart Movabletype | =4.32 | |
| Sixapart Movabletype | =4.2 | |
| Sixapart Movabletype | =4.26 | |
| Sixapart Movabletype | =4.23 | |
| Sixapart Movabletype | =4.25 | |
| Sixapart Movabletype | =5.02 | |
| Sixapart Movabletype | =4.3 | |
| Sixapart Movabletype | =4.31 | |
| Sixapart Movabletype | =5.01 | |
| Sixapart Movabletype | =5.031 | |
| Sixapart Movabletype | =4.261 | |
| Sixapart Movabletype | =5.0-rc2 | |
| Sixapart Movabletype | =5.03 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.movabletype.org/documentation/appendices/release-notes/movable-type-504-435-release-notes.html
- http://secunia.com/advisories/42539
- http://jvn.jp/en/jp/JVN36673836/index.html
- http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000060.html
- http://www.vupen.com/english/advisories/2010/3145
- http://www.securitytracker.com/id?1024833
- collector/nvd-historical
- collector/nvd-index
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/event
- agent/description
- agent/type
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/sixapart
- canonical/sixapart movabletype
- version/sixapart movabletype/4.33
- version/sixapart movabletype/4.34
- version/sixapart movabletype/4.0
- version/sixapart movabletype/4.1
- version/sixapart movabletype/4.32
- version/sixapart movabletype/4.2
- version/sixapart movabletype/4.26
- version/sixapart movabletype/4.23
- version/sixapart movabletype/4.25
- version/sixapart movabletype/5.02
- version/sixapart movabletype/4.3
- version/sixapart movabletype/4.31
- version/sixapart movabletype/5.01
- version/sixapart movabletype/5.031
- version/sixapart movabletype/4.261
- version/sixapart movabletype/5.0-rc2
- version/sixapart movabletype/5.03