CVE-2022-45113

Improper validation of syntactic correctness of input vulnerability exist in Movable Type series. Having a user to access a specially crafted URL may allow a remote unauthenticated attacker to set a specially crafted URL to the Reset Password page and conduct a phishing attack. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium_advanced:*:*:*
cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:*
cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*
cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*
cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*
cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*

Information

Published : 2022-12-06 20:15

Updated : 2022-12-12 07:15


NVD link : CVE-2022-45113

Mitre link : CVE-2022-45113


JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa

Products Affected

sixapart

  • movable_type