Multiple cross-site scripting (XSS) vulnerabilities in Six Apart Movable Type (MT) before 4.23 allow remote attackers to inject arbitrary web script or HTML via a (1) MTEntryAuthorUsername, (2) MTAuthorDisplayName, (3) MTEntryAuthorDisplayName, or (4) MTCommenterName field in a Profile View template; a (5) listing screen or (6) edit screen in the CMS app; (7) a TrackBack title, related to the HTML sanitization library; or (8) a user archive name (aka archive title) on a published Community Blog template.

Software | From | Fixed in |
---|---|---|
sixapart / movable_type | 3.15 | 3.15.x |
sixapart / movable_type | 3.2 | 3.2.x |
sixapart / movable_type | 3.32 | 3.32.x |
sixapart / movable_type | 3.16 | 3.16.x |
sixapart / movable_type | 3.1 | 3.1.x |
sixapart / movable_type | 3.33 | 3.33.x |
sixapart / movable_type | 3.14 | 3.14.x |
sixapart / movable_type | 3.0d | 3.0d.x |
sixapart / movable_type | 3.11 | 3.11.x |
sixapart / movable_type | 3.35 | 3.35.x |
sixapart / movable_type | - | 4.21.x |
sixapart / movable_type | 4.2 | 4.2.x |
sixapart / movable_type | 3.17 | 3.17.x |
sixapart / movable_type | 3.01d | 3.01d.x |
sixapart / movable_type | 3.12 | 3.12.x |
sixapart / movable_type | 3.3 | 3.3.x |
sixapart / movable_type | 3.34 | 3.34.x |