Vulnerability in Sixapart Movable_type

CVE-2012-0320

Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote attackers to take control of sessions via unspecified vectors related to the (1) commenting feature and (2) community script.

EPSS: 0.012 (79.3th percentile) — read the EPSS interpretation.

Affected products

Sixapart Movable_type — versions 4.28, 4.29, 4.36
N/a — versions n/a

References

vultures@jpcert.or.jp (x_refsource_CONFIRM, Patch, Vendor Advisory)
JVN#20083397 (x_refsource_JVN, third-party-advisory)
52138 (vdb-entry, x_refsource_BID)
DSA-2423 (vendor-advisory, x_refsource_DEBIAN)
1026738 (vdb-entry, x_refsource_SECTRACK)
vultures@jpcert.or.jp (x_refsource_CONFIRM, Patch, Vendor Advisory)
JVNDB-2012-000018 (x_refsource_JVNDB, third-party-advisory)