5.4
CVE-2023-45746
- EPSS 0.11%
- Published 30.10.2023 05:15:09
- Last modified 21.11.2024 08:27:17
- Source vultures@jpcert.or.jp
Cross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to inject an arbitrary script. Affected products/versions are as follows: Movable Type 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Premium 1.58 and earlier, Movable Type Premium Advanced 1.58 and earlier, Movable Type Cloud Edition (Version 7) r.5405 and earlier, and Movable Type Premium Cloud Edition 1.58 and earlier.
Data is provided by the National Vulnerability Database (NVD)
Sixapart ≫ Movable Type Version < 7.902.0
Sixapart ≫ Movable Type SwEdition advanced Version < 7.902.0
Sixapart ≫ Movable Type SwEdition premium Version < 1.59
Sixapart ≫ Movable Type SwEdition premium_advanced Version < 1.59
Sixapart ≫ Movable Type SwEdition aws Version < 7.902.0
Sixapart ≫ Movable Type SwEdition advanced_aws Version < 1.59
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.11% | 0.305 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 5.4 | 2.3 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.4 | 2.3 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.