XSS in Sixapart Movable_type

CVE-2012-1503

Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.069 (91.5th percentile) — read the EPSS interpretation.

Affected products

Sixapart Movable_type — versions 5.13
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

22151 (Exploit, exploit, x_refsource_EXPLOIT-DB)
86729 (x_refsource_OSVDB, vdb-entry)
cve@mitre.org (Exploit, x_refsource_MISC)
56160 (Exploit, vdb-entry, x_refsource_BID)
movabletype-mt513en-xss(79521) (vdb-entry, x_refsource_XF)
cve@mitre.org (Exploit, x_refsource_MISC)