← Volver a CVEs

CVE-2021-20809

MEDIUM

6.1

Descripcion

Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.

Detalles CVE

Puntuacion CVSS v3.16.1

SeveridadMEDIUM

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioREQUIRED

Publicado8/26/2021

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

sixapart:movable_type

Debilidades (CWE)

CWE-79

Referencias

https://jvn.jp/en/jp/JVN97545738/index.html(vultures@jpcert.or.jp)

https://movabletype.org/news/2021/08/mt-780-681-released.html(vultures@jpcert.or.jp)

https://jvn.jp/en/jp/JVN97545738/index.html(af854a3a-2127-422b-91ae-364da2661108)

https://movabletype.org/news/2021/08/mt-780-681-released.html(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.