CVE-2012-1262

Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.cgi in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the dbuser parameter, a different vulnerability than CVE-2012-0318.

Published: Mar 3, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-1262
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
movabletype / movable_type_open_source	4.34	4.34.x
movabletype / movable_type_open_source	5.12	5.12.x
movabletype / movable_type_open_source	4.35	4.35.x
movabletype / movable_type_open_source	4.1-beta	4.1-beta.x
movabletype / movable_type_open_source	4.26	4.26.x
movabletype / movable_type_open_source	4.32	4.32.x
movabletype / movable_type_open_source	4.25	4.25.x
movabletype / movable_type_open_source	5.04	5.04.x
movabletype / movable_type_open_source	4.361	4.361.x
movabletype / movable_type_open_source	-	4.37.x
movabletype / movable_type_open_source	4.31	4.31.x
movabletype / movable_type_open_source	4.23	4.23.x
movabletype / movable_type_open_source	5.05	5.05.x
movabletype / movable_type_open_source	5.1	5.1.x
movabletype / movable_type_open_source	4.1	4.1.x
movabletype / movable_type_open_source	4.261	4.261.x
movabletype / movable_type_open_source	4.0-beta	4.0-beta.x
movabletype / movable_type_open_source	4.2-beta	4.2-beta.x
movabletype / movable_type_open_source	4.3	4.3.x
movabletype / movable_type_open_source	5.051	5.051.x
movabletype / movable_type_open_source	5.03	5.03.x
movabletype / movable_type_open_source	4.36	4.36.x
movabletype / movable_type_open_source	4.0	4.0.x
movabletype / movable_type_open_source	5.02	5.02.x
movabletype / movable_type_open_source	5.11	5.11.x
movabletype / movable_type_open_source	4.2	4.2.x
movabletype / movable_type_open_source	5.031	5.031.x
movabletype / movable_type_open_source	5.06	5.06.x
movabletype / movable_type_open_source	4.01-beta	4.01-beta.x
movabletype / movable_type_open_source	4.33	4.33.x
movabletype / movable_type_enterprise	4.0-beta	4.0-beta.x
movabletype / movable_type_enterprise	4.23	4.23.x
movabletype / movable_type_enterprise	4.261	4.261.x
movabletype / movable_type_enterprise	4.32	4.32.x
movabletype / movable_type_enterprise	5.051	5.051.x
movabletype / movable_type_enterprise	4.34	4.34.x
movabletype / movable_type_enterprise	4.35	4.35.x
movabletype / movable_type_enterprise	-	4.37.x
movabletype / movable_type_enterprise	5.05	5.05.x
movabletype / movable_type_enterprise	4.2-beta	4.2-beta.x
movabletype / movable_type_enterprise	5.02	5.02.x
movabletype / movable_type_enterprise	4.1	4.1.x
movabletype / movable_type_enterprise	4.361	4.361.x
movabletype / movable_type_enterprise	4.3	4.3.x
movabletype / movable_type_enterprise	5.04	5.04.x
movabletype / movable_type_enterprise	5.06	5.06.x
movabletype / movable_type_enterprise	4.0	4.0.x
movabletype / movable_type_enterprise	4.36	4.36.x
movabletype / movable_type_enterprise	4.26	4.26.x
movabletype / movable_type_enterprise	4.01-beta	4.01-beta.x
movabletype / movable_type_enterprise	5.12	5.12.x
movabletype / movable_type_enterprise	4.31	4.31.x
movabletype / movable_type_enterprise	4.25	4.25.x
movabletype / movable_type_enterprise	5.1	5.1.x
movabletype / movable_type_enterprise	4.1-beta	4.1-beta.x
movabletype / movable_type_enterprise	4.2	4.2.x
movabletype / movable_type_enterprise	5.11	5.11.x
movabletype / movable_type_enterprise	4.33	4.33.x
movabletype / movable_type_enterprise	5.03	5.03.x
movabletype / movable_type_enterprise	5.031	5.031.x
movabletype / movable_type_advanced	4.26	4.26.x
movabletype / movable_type_advanced	5.02	5.02.x
movabletype / movable_type_advanced	4.35	4.35.x
movabletype / movable_type_advanced	5.11	5.11.x
movabletype / movable_type_advanced	5.051	5.051.x
movabletype / movable_type_advanced	4.36	4.36.x
movabletype / movable_type_advanced	5.06	5.06.x
movabletype / movable_type_advanced	5.1	5.1.x
movabletype / movable_type_advanced	4.25	4.25.x
movabletype / movable_type_advanced	4.31	4.31.x
movabletype / movable_type_advanced	4.33	4.33.x
movabletype / movable_type_advanced	4.2	4.2.x
movabletype / movable_type_advanced	4.23	4.23.x
movabletype / movable_type_advanced	5.04	5.04.x
movabletype / movable_type_advanced	4.01-beta	4.01-beta.x
movabletype / movable_type_advanced	4.0-beta	4.0-beta.x
movabletype / movable_type_advanced	4.1-beta	4.1-beta.x
movabletype / movable_type_advanced	5.05	5.05.x
movabletype / movable_type_advanced	5.031	5.031.x
movabletype / movable_type_advanced	4.32	4.32.x
movabletype / movable_type_advanced	5.12	5.12.x
movabletype / movable_type_advanced	4.361	4.361.x
movabletype / movable_type_advanced	4.0	4.0.x
movabletype / movable_type_advanced	4.1	4.1.x
movabletype / movable_type_advanced	4.261	4.261.x
movabletype / movable_type_advanced	5.03	5.03.x
movabletype / movable_type_advanced	4.34	4.34.x
movabletype / movable_type_advanced	4.3	4.3.x
movabletype / movable_type_advanced	-	4.37.x
movabletype / movable_type_advanced	4.2-beta	4.2-beta.x
movabletype / movable_type_pro	5.11	5.11.x
movabletype / movable_type_pro	4.2-beta	4.2-beta.x
movabletype / movable_type_pro	4.1	4.1.x
movabletype / movable_type_pro	4.23	4.23.x
movabletype / movable_type_pro	4.2	4.2.x
movabletype / movable_type_pro	4.32	4.32.x
movabletype / movable_type_pro	4.261	4.261.x
movabletype / movable_type_pro	5.05	5.05.x
movabletype / movable_type_pro	5.04	5.04.x
movabletype / movable_type_pro	4.1-beta	4.1-beta.x
movabletype / movable_type_pro	4.34	4.34.x
movabletype / movable_type_pro	4.0	4.0.x
movabletype / movable_type_pro	4.3	4.3.x
movabletype / movable_type_pro	-	4.37.x
movabletype / movable_type_pro	5.051	5.051.x
movabletype / movable_type_pro	4.35	4.35.x
movabletype / movable_type_pro	4.33	4.33.x
movabletype / movable_type_pro	5.06	5.06.x
movabletype / movable_type_pro	5.03	5.03.x
movabletype / movable_type_pro	5.031	5.031.x
movabletype / movable_type_pro	4.25	4.25.x
movabletype / movable_type_pro	4.01-beta	4.01-beta.x
movabletype / movable_type_pro	4.31	4.31.x
movabletype / movable_type_pro	4.36	4.36.x
movabletype / movable_type_pro	4.361	4.361.x
movabletype / movable_type_pro	4.26	4.26.x
movabletype / movable_type_pro	5.1	5.1.x
movabletype / movable_type_pro	5.02	5.02.x
movabletype / movable_type_pro	5.12	5.12.x
movabletype / movable_type_pro	4.0-beta	4.0-beta.x

Vulnerability Database

291,049

CVE-2012-1262