| Vulnerability Name: | CVE-2007-0231 (CCN-31426) |
| Assigned: | 2007-01-05 |
| Published: | 2007-01-05 |
| Updated: | 2011-03-08 |
| Summary: | Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, when nofollow is disabled and unmoderated comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Comments field. |
| CVSS v3 Severity: | 4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) |
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) |
| | 5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C) |
| | 3.5 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:H/RL:OF/RC:C) |
| Vulnerability Type: | CWE-Other |
| Vulnerability Consequences: | Gain Access |
| References: | Source: MITRE Type: CNA CVE-2007-0231 |
| | Source: MISC Type: Vendor Advisory http://golem.ph.utexas.edu/~distler/blog/archives/001102.html |
| | Source: OSVDB Type: UNKNOWN 32717 |
| | Source: CCN Type: SA23669 Movable Type "nofollow" Plugin Comment Script Insertion |
| | Source: SECUNIA Type: UNKNOWN 23669 |
| | Source: CCN Type: OSVDB ID: 32717 Movable Type nofollow Plugin Comment Field XSS |
| | Source: CCN Type: OSVDB ID: 32987 Movable Type MTCommentPreviewIsStatic Tag XSS |
| | Source: CCN Type: OSVDB ID: 32988 Movable Type Complex Script Tag IE6 XSS |
| | Source: CCN Type: OSVDB ID: 38621 Movable Type Comment Multiple Method XSS |
| | Source: CCN Type: BID-21999 Movable Type Cross Site Scripting Vulnerability |
| | Source: CCN Type: Movable Type Web site Movable Type |
| | Source: VUPEN Type: UNKNOWN ADV-2007-0142 |
| | Source: CCN Type: Procrastination Blog, Friday, January 05, 2007 Movable Type Security Bug |
| | Source: MISC Type: Vendor Advisory http://www.zackvision.com/weblog/2007/01/movabletype-security-bug.html |
| | Source: XF Type: UNKNOWN movabletype-comments-xss(31426) |
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable |