5.4
CVE-2023-45746
- EPSS 0.11%
- Published 30.10.2023 05:15:09
- Last modified 21.11.2024 08:27:17
- Source vultures@jpcert.or.jp
Cross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to inject an arbitrary script. Affected products/versions are as follows: Movable Type 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Premium 1.58 and earlier, Movable Type Premium Advanced 1.58 and earlier, Movable Type Cloud Edition (Version 7) r.5405 and earlier, and Movable Type Premium Cloud Edition 1.58 and earlier.
Data provided by the National Vulnerability Database (NVD)
Sixapart ≫ Movable Type Version < 7.902.0
Sixapart ≫ Movable Type SwEdition advanced Version < 7.902.0
Sixapart ≫ Movable Type SwEdition premium Version < 1.59
Sixapart ≫ Movable Type SwEdition premium_advanced Version < 1.59
Sixapart ≫ Movable Type SwEdition aws Version < 7.902.0
Sixapart ≫ Movable Type SwEdition advanced_aws Version < 1.59
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.11% | 0.305 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 5.4 | 2.3 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.4 | 2.3 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.