Filtered by vendor Sixapart
Subscribe
Total
47 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-0209 | 1 Sixapart | 1 Movable Type | 2013-01-28 | 7.5 HIGH | N/A |
| lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code. | |||||
| CVE-2008-5845 | 1 Sixapart | 1 Movable Type | 2011-09-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Six Apart Movable Type (MT) before 4.23 allow remote attackers to inject arbitrary web script or HTML via a (1) MTEntryAuthorUsername, (2) MTAuthorDisplayName, (3) MTEntryAuthorDisplayName, or (4) MTCommenterName field in a Profile View template; a (5) listing screen or (6) edit screen in the CMS app; (7) a TrackBack title, related to the HTML sanitization library; or (8) a user archive name (aka archive title) on a published Community Blog template. | |||||
| CVE-2010-3922 | 1 Sixapart | 1 Movabletype | 2011-01-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-3921 | 1 Sixapart | 1 Movabletype | 2011-01-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-1985 | 1 Sixapart | 1 Movable Type | 2010-05-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in Six Apart Movable Type 5.0 and 5.01 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2009-2492 | 3 Six Apart, Six Apart Ltd, Sixapart | 3 Movable Type, Movable Type, Movable Type | 2009-08-06 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480. | |||||
| CVE-2009-0752 | 1 Sixapart | 1 Movable Type | 2009-03-03 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Movable Type Pro and Community Solution 4.x before 4.24 has unknown impact and attack vectors, possibly related to the password recovery mechanism. | |||||