Vulnerability Name: | CVE-2021-20663 (CCN-197362) | ||||||||||||
Assigned: | 2020-12-17 | ||||||||||||
Published: | 2021-02-24 | ||||||||||||
Updated: | 2021-03-22 | ||||||||||||
Summary: | Cross-site scripting vulnerability in in Role authority setting screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. | ||||||||||||
CVSS v3 Severity: | 6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) 5.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
5.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
| ||||||||||||
Vulnerability Type: | CWE-79 | ||||||||||||
Vulnerability Consequences: | Cross-Site Scripting | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2021-20663 Source: CCN Type: JVN#66542874 Multiple cross-site scripting vulnerabilities in Movable Type Source: XF Type: UNKNOWN movabletype-cve202120663-xss(197362) Source: MISC Type: Third Party Advisory https://jvn.jp/en/jp/JVN66542874/index.html Source: CCN Type: Movable Type Web site Movable Type Source: MISC Type: Release Notes, Vendor Advisory https://movabletype.org/news/2021/02/mt-760-676-released.html | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||
BACK |