Six Apart Movable Type — known CVE vulnerabilities
Every CVE whose affected-product data names Six Apart Movable Type, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2003-0287 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, and possibly other versions including 2.63, allows remote attackers to…
CVE-2007-0231 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, when nofollow is disabled and unmoderated comments are enabled, allows…
CVE-2009-2481 — CVSS 5.8 (medium): mt-wizard.cgi in Six Apart Movable Type before 4.261, when global templates are not initialized, allows remote attackers to bypass access…
CVE-2005-3101 — CVSS 5.0 (medium): The password reset feature in Movable Type before 3.2 generates different error messages depending on whether a user exists or not, which…
CVE-2007-3342 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Movable Type (MT) before 3.34 allow remote attackers to inject arbitrary web script…
CVE-2006-5080 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the search function in Six Apart Movable Type 3.3 to 3.32, and Movable Type Enterprise 1.01 and…
CVE-2005-3103 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Movable Type before 3.2 allows remote attackers to inject arbitrary web script or HTML via the…
CVE-2008-4079 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Movable Type (MT) 4.x through 4.20, and 3.36 and earlier; Movable Type Enterprise 4.x through…
CVE-2008-5808 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Six Apart Movable Type Enterprise (MTE) 1.x before 1.56; Movable Type (MT) 3.x before 3.38; and…
CVE-2008-4634 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in Movable Type 4 through 4.21 allows remote attackers to inject arbitrary web script or HTML via…
CVE-2009-2492 — CVSS 2.6 (low): Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject…
CVE-2005-3104 — CVSS 2.6 (low): mt-comments.cgi in Movable Type before 3.2 allows attackers to redirect users to other web sites via URLs in comments.
CVE-2005-4690 — CVSS 2.1 (low): Six Apart Movable Type 3.16 allows local users with blog-creation privileges to create or overwrite arbitrary files of certain types (such…