Vulnerability Name:

CVE-2011-5084 (CCN-67666)

Assigned: 2011-05-24
Published: 2011-05-24
Updated: 2018-01-18
Summary: Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Low
  Availability (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Partial
  Availability (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Partial
  Availability (A): None
Vulnerability Type: CWE-79
Vulnerability Consequences: Gain Access
References:

Source: MITRE
Type: CNA
CVE-2011-5084

Source: CCN
Type: SA44715
Movable Type Two Vulnerabilities

Source: DEBIAN
Type: UNKNOWN
DSA-2423

Source: DEBIAN
Type: DSA-2423
movabletype-opensource -- several vulnerabilities

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.movabletype.org/2011/05/movable_type_51_and_505_436_security_update.html

Source: CCN
Type: Movable Type Web Site
Movable Type 5.05 and 4.36 Release Notes

Source: CCN
Type: OSVDB ID: 73214
Movable Type mt-comment.cgi static Parameter XSS

Source: CCN
Type: BID-47997
Movable Type Unspecified Cross Site Scripting and Security Vulnerabilities

Source: XF
Type: UNKNOWN
movabletype-unspec-xss(67666)

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:sixapart:movable_type:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.0:beta:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.0:beta5:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.0:beta6:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.0:beta7:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.01:*:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.01:beta:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.01:beta2:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.01:rc1:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.1:beta:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.1:beta2:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.1:rc1:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.2:*:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.2:rc2:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.2:rc4:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.2:rc5:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.12:*:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.15:beta1:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.15:beta3:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.15:beta4:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.21:*:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.22:*:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.23:*:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.24:*:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.25:*:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.26:*:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.27:*:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.28:*:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.29:*:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.35:*:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.36:*:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.261:*:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.291:*:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:4.292:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/a:sixapart:movable_type:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:5.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:5.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:5.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:5.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:5.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:5.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:5.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:5.01:*:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:5.02:*:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:5.03:*:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:5.04:*:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:5.05:*:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:5.031:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:six_apart:movable_type:4:*:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:5.01:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.mitre.oval:def:14661 | P | DSA-2423-1 movabletype-opensource -- several | 2014-06-23
oval:com.ubuntu.precise:def:20115084000 | V | CVE-2011-5084 on Ubuntu 12.04 LTS (precise) - medium. | 2012-04-02

    sixapart movable type 4.0
    sixapart movable type 4.0 beta
    sixapart movable type 4.0 beta2
    sixapart movable type 4.0 beta3
    sixapart movable type 4.0 beta4
    sixapart movable type 4.0 beta5
    sixapart movable type 4.0 beta6
    sixapart movable type 4.0 beta7
    sixapart movable type 4.0 rc1
    sixapart movable type 4.0 rc2
    sixapart movable type 4.0 rc3
    sixapart movable type 4.01
    sixapart movable type 4.01 beta
    sixapart movable type 4.01 beta2
    sixapart movable type 4.01 rc1
    sixapart movable type 4.1
    sixapart movable type 4.1 beta
    sixapart movable type 4.1 beta2
    sixapart movable type 4.1 rc1
    sixapart movable type 4.2
    sixapart movable type 4.2 rc2
    sixapart movable type 4.2 rc4
    sixapart movable type 4.2 rc5
    sixapart movable type 4.12
    sixapart movable type 4.15 beta1
    sixapart movable type 4.15 beta3
    sixapart movable type 4.15 beta4
    sixapart movable type 4.21
    sixapart movable type 4.22
    sixapart movable type 4.23
    sixapart movable type 4.24
    sixapart movable type 4.25
    sixapart movable type 4.26
    sixapart movable type 4.27
    sixapart movable type 4.28
    sixapart movable type 4.29
    sixapart movable type 4.35
    sixapart movable type 4.36
    sixapart movable type 4.261
    sixapart movable type 4.291
    sixapart movable type 4.292
    sixapart movable type 5.0
    sixapart movable type 5.0 beta1
    sixapart movable type 5.0 beta2
    sixapart movable type 5.0 beta3
    sixapart movable type 5.0 beta4
    sixapart movable type 5.0 rc1
    sixapart movable type 5.0 rc2
    sixapart movable type 5.0 rc3
    sixapart movable type 5.01
    sixapart movable type 5.02
    sixapart movable type 5.03
    sixapart movable type 5.04
    sixapart movable type 5.05
    sixapart movable type 5.031
    six_apart movable type 4
    sixapart movable type 5.0
    sixapart movable type 5.01