|
[Japanese]
|
JVNDB-2008-000067
|
Movable Type Enterprise cross-site scripting vulnerability
|
|
Movable Type Enterprise contains a cross-site scripting vulnerability.
Movable Type Enterprise, a web log system from Six Apart KK for business users, contains a cross-site scripting vulnerability.
This vulnerability is different from JVN#30385652 and JVN#81490697.
Yosuke HASEGAWA of NetAgent Co.,Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
|
|
Base Metrics:
4.3 (Medium)
[IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
|
|
Six Apart
- Movable Type 4
- Movable Type 4 Enterprise
- Movable Type 4 Community Solution
- Movable Type 4 (Open Source)
- Movable Type 3
- Movable Type Enterprise 1.5
|
|
An arbitrary script may be executed on an user's web browser.
|
|
[Update the Software]
Update to the latest version of Movable Type Enterprise.
Latest versions as of December 3, 2008 are as follows:
- 1.56 for Movable Type Enterprise 1.x
- 4.23 for Movable Type Enterprise 4.x
|
|
Six Apart
|
|
- JVN : JVN#02216739
- National Vulnerability Database (NVD) : CVE-2008-5808
- Common Vulnerabilities and Exposures (CVE) : CVE-2008-5808
- Secunia Advisory : SA32935
- Common Weakness Enumeration (CWE) : Cross-site scripting (CWE-79) [IPA Evaluation]
- JVN iPedia (Japanese) : JVNDB-2008-000067
|
|
[2008/12/04]
Web page published
|
|
| 2008/12/03 |
| 2008/12/04 |
| 2008/12/04 |
|
