CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2003-0287

Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, and possibly other versions including 2.63, allows remote attackers to insert arbitrary web script or HTML via the Name textbox, possibly when the "Allow HTML in comments?" option is enabled.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.012

EPSS Ranking 78.4%

CVSS Severity

CVSS v2 Score 6.8

References

http://marc.info/?l=bugtraq&m=105276879622636&w=2
http://marc.info/?l=bugtraq&m=105277690132079&w=2
http://marc.info/?l=bugtraq&m=105284589927655&w=2
http://www.securityfocus.com/bid/7560
https://exchange.xforce.ibmcloud.com/vulnerabilities/12003
http://marc.info/?l=bugtraq&m=105276879622636&w=2
http://marc.info/?l=bugtraq&m=105277690132079&w=2
http://marc.info/?l=bugtraq&m=105284589927655&w=2
http://www.securityfocus.com/bid/7560
https://exchange.xforce.ibmcloud.com/vulnerabilities/12003

Products affected by CVE-2003-0287

Six Apart » Movable Type » Version: Any

cpe:2.3:a:six_apart:movable_type:*
Six Apart » Movable Type » Version: 2.63

cpe:2.3:a:six_apart:movable_type:2.63

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2003-0287

Products

Pricing

Contact Us