Sixapart

sixapart

48 CVEs • 3 products

Products (3)

Click to collapse

Toggle

Movable Type Open Source

movable_type_open_source

CVEs (48)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2010-3921 1Sixapart 1Movabletype Apr 29, 2026 Dec 9, 2010 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1985 1Sixapart 1Movable Type Apr 29, 2026 May 19, 2010 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in Six Apart Movable Type 5.0 and 5.01 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2009-2492 3Six Apart Six Apart LtdSixapart 3Movable Type Movable TypeMovable Type Apr 23, 2026 Jul 17, 2009 N/A· v4 N/A· v3 2.6 LOW· v2 Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-...Show more Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480.Show less
CVE-2009-2481 2Six Apart Sixapart 2Movable Type Movable Type Apr 23, 2026 Jul 16, 2009 N/A· v4 N/A· v3 5.8 MEDIUM· v2 mt-wizard.cgi in Six Apart Movable Type before 4.261, when global templates are not initialized, allows remote attackers to bypass access restrictions and (1) send e-mail to arbitrary addresses or (2) obtain sensitive in...Show more mt-wizard.cgi in Six Apart Movable Type before 4.261, when global templates are not initialized, allows remote attackers to bypass access restrictions and (1) send e-mail to arbitrary addresses or (2) obtain sensitive information via unspecified vectors.Show less
CVE-2009-0752 1Sixapart 1Movable Type Apr 23, 2026 Mar 3, 2009 N/A· v4 N/A· v3 10.0 HIGH· v2 Unspecified vulnerability in Movable Type Pro and Community Solution 4.x before 4.24 has unknown impact and attack vectors, possibly related to the password recovery mechanism.
CVE-2008-5846 1Sixapart 1Movable Type Apr 23, 2026 Jan 5, 2009 N/A· v4 N/A· v3 4.0 MEDIUM· v2 Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for posts to bypass intended access restrictions and publish posts via a "system-wide entry listing screen."
CVE-2008-5845 1Sixapart 1Movable Type Apr 23, 2026 Jan 5, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in Six Apart Movable Type (MT) before 4.23 allow remote attackers to inject arbitrary web script or HTML via a (1) MTEntryAuthorUsername, (2) MTAuthorDisplayName, (3) M...Show more Multiple cross-site scripting (XSS) vulnerabilities in Six Apart Movable Type (MT) before 4.23 allow remote attackers to inject arbitrary web script or HTML via a (1) MTEntryAuthorUsername, (2) MTAuthorDisplayName, (3) MTEntryAuthorDisplayName, or (4) MTCommenterName field in a Profile View template; a (5) listing screen or (6) edit screen in the CMS app; (7) a TrackBack title, related to the HTML sanitization library; or (8) a user archive name (aka archive title) on a published Community Blog template.Show less
CVE-2008-5808 2Six Apart Sixapart 2Movable Type Movable Type Apr 23, 2026 Jan 2, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Six Apart Movable Type Enterprise (MTE) 1.x before 1.56; Movable Type (MT) 3.x before 3.38; and Movable Type, Movable Type Open Source (MTOS), and Movable Type Enterprise 4.x b...Show more Cross-site scripting (XSS) vulnerability in Six Apart Movable Type Enterprise (MTE) 1.x before 1.56; Movable Type (MT) 3.x before 3.38; and Movable Type, Movable Type Open Source (MTOS), and Movable Type Enterprise 4.x before 4.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to "application management."Show less