← Retour aux CVEs
CVE-2021-20664
MEDIUM6.1
Description
Cross-site scripting vulnerability in in Asset registration screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
Details CVE
Score CVSS v3.16.1
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurREQUIRED
Publie3/5/2021
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
movabletype:movable_typemovabletype:movable_type_advancedmovabletype:movable_type_premiummovabletype:movable_type_premium_advanced
Faiblesses (CWE)
CWE-79
References
https://jvn.jp/en/jp/JVN66542874/index.html(vultures@jpcert.or.jp)
https://movabletype.org/news/2021/02/mt-760-676-released.html(vultures@jpcert.or.jp)
https://jvn.jp/en/jp/JVN66542874/index.html(af854a3a-2127-422b-91ae-364da2661108)
https://movabletype.org/news/2021/02/mt-760-676-released.html(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.