← Back

CVE-2012-0318

nvd nist
Published: Mar 3, 2012Modified: Apr 29, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to inject arbitrary web script or HTML via vectors involving templates, a different issue than CVE-2012-1262.

Affected (120)

Movabletype
4 products
Movable Type Open Source
Movable Type Enterprise
Movable Type Advanced
Movable Type Pro
Configuration A
30 vulnerable
Vulnerable SoftwareAffected Versions
Movabletype
Movable Type Open Source
Up to 4.37
Movable Type Open Source
Version 4.01 beta
Movable Type Open Source
Version 4.0
Movable Type Open Source
Version 4.0 beta
Movable Type Open Source
Version 4.1
Movable Type Open Source
Version 4.1 beta
Movable Type Open Source
Version 4.23
Movable Type Open Source
Version 4.25
Movable Type Open Source
Version 4.261
Movable Type Open Source
Version 4.26
Movable Type Open Source
Version 4.2
Movable Type Open Source
Version 4.2 beta
Movable Type Open Source
Version 4.31
Movable Type Open Source
Version 4.32
Movable Type Open Source
Version 4.33
Movable Type Open Source
Version 4.34
Movable Type Open Source
Version 4.35
Movable Type Open Source
Version 4.361
Movable Type Open Source
Version 4.36
Movable Type Open Source
Version 4.3
Movable Type Open Source
Version 5.02
Movable Type Open Source
Version 5.031
Movable Type Open Source
Version 5.03
Movable Type Open Source
Version 5.04
Movable Type Open Source
Version 5.051
Movable Type Open Source
Version 5.05
Movable Type Open Source
Version 5.06
Movable Type Open Source
Version 5.11
Movable Type Open Source
Version 5.12
Movable Type Open Source
Version 5.1
Configuration B
30 vulnerable
Vulnerable SoftwareAffected Versions
Movabletype
Movable Type Enterprise
Up to 4.37
Movable Type Enterprise
Version 4.01 beta
Movable Type Enterprise
Version 4.0
Movable Type Enterprise
Version 4.0 beta
Movable Type Enterprise
Version 4.1
Movable Type Enterprise
Version 4.1 beta
Movable Type Enterprise
Version 4.23
Movable Type Enterprise
Version 4.25
Movable Type Enterprise
Version 4.261
Movable Type Enterprise
Version 4.26
Movable Type Enterprise
Version 4.2
Movable Type Enterprise
Version 4.2 beta
Movable Type Enterprise
Version 4.31
Movable Type Enterprise
Version 4.32
Movable Type Enterprise
Version 4.33
Movable Type Enterprise
Version 4.34
Movable Type Enterprise
Version 4.35
Movable Type Enterprise
Version 4.361
Movable Type Enterprise
Version 4.36
Movable Type Enterprise
Version 4.3
Movable Type Enterprise
Version 5.02
Movable Type Enterprise
Version 5.031
Movable Type Enterprise
Version 5.03
Movable Type Enterprise
Version 5.04
Movable Type Enterprise
Version 5.051
Movable Type Enterprise
Version 5.05
Movable Type Enterprise
Version 5.06
Movable Type Enterprise
Version 5.11
Movable Type Enterprise
Version 5.12
Movable Type Enterprise
Version 5.1
Configuration C
30 vulnerable
Vulnerable SoftwareAffected Versions
Movabletype
Movable Type Advanced
Up to 4.37
Movable Type Advanced
Version 4.01 beta
Movable Type Advanced
Version 4.0
Movable Type Advanced
Version 4.0 beta
Movable Type Advanced
Version 4.1
Movable Type Advanced
Version 4.1 beta
Movable Type Advanced
Version 4.23
Movable Type Advanced
Version 4.25
Movable Type Advanced
Version 4.261
Movable Type Advanced
Version 4.26
Movable Type Advanced
Version 4.2
Movable Type Advanced
Version 4.2 beta
Movable Type Advanced
Version 4.31
Movable Type Advanced
Version 4.32
Movable Type Advanced
Version 4.33
Movable Type Advanced
Version 4.34
Movable Type Advanced
Version 4.35
Movable Type Advanced
Version 4.361
Movable Type Advanced
Version 4.36
Movable Type Advanced
Version 4.3
Movable Type Advanced
Version 5.02
Movable Type Advanced
Version 5.031
Movable Type Advanced
Version 5.03
Movable Type Advanced
Version 5.04
Movable Type Advanced
Version 5.051
Movable Type Advanced
Version 5.05
Movable Type Advanced
Version 5.06
Movable Type Advanced
Version 5.11
Movable Type Advanced
Version 5.12
Movable Type Advanced
Version 5.1
Configuration D
30 vulnerable
Vulnerable SoftwareAffected Versions
Movabletype
Movable Type Pro
Up to 4.37
Movable Type Pro
Version 4.01 beta
Movable Type Pro
Version 4.0
Movable Type Pro
Version 4.0 beta
Movable Type Pro
Version 4.1
Movable Type Pro
Version 4.1 beta
Movable Type Pro
Version 4.23
Movable Type Pro
Version 4.25
Movable Type Pro
Version 4.261
Movable Type Pro
Version 4.26
Movable Type Pro
Version 4.2
Movable Type Pro
Version 4.2 beta
Movable Type Pro
Version 4.31
Movable Type Pro
Version 4.32
Movable Type Pro
Version 4.33
Movable Type Pro
Version 4.34
Movable Type Pro
Version 4.35
Movable Type Pro
Version 4.361
Movable Type Pro
Version 4.36
Movable Type Pro
Version 4.3
Movable Type Pro
Version 5.02
Movable Type Pro
Version 5.031
Movable Type Pro
Version 5.03
Movable Type Pro
Version 5.04
Movable Type Pro
Version 5.051
Movable Type Pro
Version 5.05
Movable Type Pro
Version 5.06
Movable Type Pro
Version 5.11
Movable Type Pro
Version 5.12
Movable Type Pro
Version 5.1

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (14)

Source: vultures@jpcert.or.jp
Source: vultures@jpcert.or.jp
Source: vultures@jpcert.or.jp
Source: vultures@jpcert.or.jp
PatchVendor Advisory
Source: vultures@jpcert.or.jp
PatchVendor Advisory
Source: vultures@jpcert.or.jp
Source: vultures@jpcert.or.jp
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.