CVE-2005-3103

Properties

Published:
27.09.2005
Updated:
21.09.2006
Patch available:
Severity:
Low
  • CVSS vector:
    (AV:R/AC:L/Au:NR/C:N/I:C/A:N/B:N) Approximated
    Product:
    Six Apart: Movable Type

    Vulnerability description

    Cross-site scripting (XSS) vulnerability in Movable Type before 3.2 allows remote attackers to inject arbitrary web script or HTML via the (1) title, (2) category, (3) body, (4) extended body, and (5) excerpt form fields in new blog entries.

    References:

    SECUNIA: http://secunia.com/advisories/16899
    FULLDISC: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0091.html