6.5
CVE-2022-45113
- EPSS 0.12%
- Published 07.12.2022 04:15:11
- Last modified 23.04.2025 16:15:27
- Source vultures@jpcert.or.jp
- Teams watchlist Login
- Open Login
Improper validation of syntactic correctness of input vulnerability exist in Movable Type series. Having a user to access a specially crafted URL may allow a remote unauthenticated attacker to set a specially crafted URL to the Reset Password page and conduct a phishing attack. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier.
Data is provided by the National Vulnerability Database (NVD)
Sixapart ≫ Movable Type SwEditionpremium Version <= 1.53
Sixapart ≫ Movable Type SwEditionpremium_advanced Version <= 1.53
Sixapart ≫ Movable Type SwEdition- Version >= 6.0 < 6.8.7
Sixapart ≫ Movable Type SwEditionadvanced Version >= 6.0 < 6.8.7
Sixapart ≫ Movable Type SwEdition- Version >= 7.0 < 7.9.6
Sixapart ≫ Movable Type SwEditionadvanced Version >= 7.0 < 7.9.6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.326 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.