Vulnerability Details CVE-2021-20665
Cross-site scripting vulnerability in in Add asset screen of Contents field of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.6%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2021-20665
-
cpe:2.3:a:movabletype:movable_type:*
-
cpe:2.3:a:movabletype:movable_type_advanced:*
-
cpe:2.3:a:movabletype:movable_type_premium:*
-
cpe:2.3:a:movabletype:movable_type_premium_advanced:*