|
[Japanese]
|
JVNDB-2008-000056
|
Movable Type vulnerable to cross-site scripting
|
|
Movable Type contains a cross-site scripting vulnerability.
Movable Type, a web log system from Six Apart, contains a cross-site scripting vulnerability.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under the Information Security Early Warning Partnership.
|
|
CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
|
|
|
Six Apart, Ltd.
- Movable Type 3 (version 3.36 and earlier)
- Movable Type (community_solution)
- Movable Type (enterprise) 1.5 (version 1.54 and earlier)
- Movable Type 4 (version 4.20 and earlier)
- Movable Type (enterprise) 4 (version 4.20 and earlier)
|
|
|
An arbitrary script may be executed on some web browsers.
|
|
[Update the Software]
Apply the latest updates provided by the vendor.
|
|
Six Apart, Ltd.
|
|
- Cross-site Scripting(CWE-79) [IPA Evaluation]
|
|
- CVE-2008-4079
|
|
- JVN : JVN#30385652
- National Vulnerability Database (NVD) : CVE-2008-4079
- SecurityFocus : 31073
- JVN iPedia (Japanese) : JVNDB-2008-000056
|
|
- [2008/09/10]
Web page published
|
