Sixapart: >> Movable Type >> 1.31 Security Vulnerabilities
Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for posts to bypass intended access restrictions and publish posts via a "system-wide entry listing screen."
CVSS Score
4.0
EPSS Score
0.002
Published
2009-01-05
Cross-site scripting (XSS) vulnerability in Six Apart Movable Type Enterprise (MTE) 1.x before 1.56; Movable Type (MT) 3.x before 3.38; and Movable Type, Movable Type Open Source (MTOS), and Movable Type Enterprise 4.x before 4.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to "application management."
CVSS Score
4.3
EPSS Score
0.005
Published
2009-01-02
Page 3