CVE-2007-0231

Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, when nofollow is disabled and unmoderated comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Comments field.

Published: Jan 13, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-0231
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
six_apart / movable_type	3.33	3.33.x

http://golem.ph.utexas.edu/~distler/blog/archives/001102.html
http://osvdb.org/32717
http://secunia.com/advisories/23669
http://www.vupen.com/english/advisories/2007/0142
http://www.zackvision.com/weblog/2007/01/movabletype-security-bug.html

Vulnerability Database

290,476

CVE-2007-0231