Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) Vulnerability

Summary

Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier suffers from improper neutralization of special elements in output used by a downstream component (‘Injection’) vulnerability

Credit:

The information has been provided by Vendor

The original article can be found at:https://movabletype.org/news/2020/05/mt-730-660-6312-released.html


Details

HTML attribute value injection vulnerability in Movable Type series allows remote attackers to inject arbitrary HTML attribute value via unspecified vectors.

 

Vulnerable Systems:

Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier 

Movable Type Advanced 7 r.4606 (7.2.1) and earlier

Movable Type for AWS 7 r.4606 (7.2.1) and earlier

Movable Type 6.5.3 and earlier

Movable Type Advanced 6.5.3 and earlier 

Movable Type 6.3.11 and earlier 

Movable Type Advanced 6.3.11 and earlier 

Movable Type Premium 1.29 and earlier

Movable Type Premium Advanced 1.29 and earlier

 

CVE Information:

CVE-2020-5574

 

Disclosure Timeline:
Published Date:5/13/2020

Categories: News