Every CVE whose affected-product data names Sixapart Movable Type, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (41)
CVE-2009-0752 — CVSS 10.0 (critical): Unspecified vulnerability in Movable Type Pro and Community Solution 4.x before 4.24 has unknown impact and attack vectors, possibly…
CVE-2026-25776 — CVSS 9.8 (critical): Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl…
CVE-2026-33088 — CVSS 9.8 (critical): Movable Type provided by Six Apart Ltd. contains an SQL Injection vulnerability which may allow an attacker to execute an arbitrary SQL…
CVE-2022-38078 — CVSS 9.8 (critical): Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST…
CVE-2021-20837 — CVSS 9.8 (critical): Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7…
CVE-2016-5742 — CVSS 9.8 (critical): SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable…
CVE-2020-5576 — CVSS 8.8 (high): Cross-site request forgery (CSRF) vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable…
CVE-2020-5577 — CVSS 8.8 (high): Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier…
CVE-2011-5085 — CVSS 7.5 (high): Unspecified vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to read or modify data via unknown…
CVE-2012-0320 — CVSS 7.5 (high): Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote attackers to take control of sessions via unspecified…
CVE-2013-0209 — CVSS 7.5 (high): lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to…
CVE-2013-2184 — CVSS 7.5 (high): Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via…
CVE-2014-9057 — CVSS 7.5 (high): SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote…
CVE-2015-1592 — CVSS 7.5 (high): Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl…
CVE-2022-43660 — CVSS 7.2 (high): Improper neutralization of Server-Side Includes (SSW) within a web page in Movable Type series allows a remote authenticated attacker with…
CVE-2012-0317 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote…
CVE-2022-45113 — CVSS 6.5 (medium): Improper validation of syntactic correctness of input vulnerability exist in Movable Type series. Having a user to access a specially…
CVE-2021-20808 — CVSS 6.1 (medium): Cross-site scripting vulnerability in Search screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable…
CVE-2018-0672 — CVSS 6.1 (medium): Cross-site scripting vulnerability in Movable Type versions prior to Ver. 6.3.1 allows remote attackers to inject arbitrary web script or…
CVE-2019-6025 — CVSS 6.1 (medium): Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1…
CVE-2020-5528 — CVSS 6.1 (medium): Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and…
CVE-2020-5575 — CVSS 6.1 (medium): Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type…
CVE-2021-20809 — CVSS 6.1 (medium): Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type of Movable Type (Movable Type 7 r.4903 and earlier…
CVE-2021-20810 — CVSS 6.1 (medium): Cross-site scripting vulnerability in Website Management screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series)…
CVE-2021-20811 — CVSS 6.1 (medium): Cross-site scripting vulnerability in List of Assets screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series)…
CVE-2021-20812 — CVSS 6.1 (medium): Cross-site scripting vulnerability in Setting screen of Server Sync of Movable Type (Movable Type Advanced 7 r.4903 and earlier (Movable…
CVE-2021-20813 — CVSS 6.1 (medium): Cross-site scripting vulnerability in Edit screen of Content Data of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7…
CVE-2021-20814 — CVSS 6.1 (medium): Cross-site scripting vulnerability in Setting screen of ContentType Information Widget Plugin of Movable Type (Movable Type 7 r.4903 and…
CVE-2021-20815 — CVSS 6.1 (medium): Cross-site scripting vulnerability in Edit Boilerplate screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series)…
CVE-2022-45122 — CVSS 6.1 (medium): Cross-site scripting vulnerability in Movable Type Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7…
CVE-2009-2481 — CVSS 5.8 (medium): mt-wizard.cgi in Six Apart Movable Type before 4.261, when global templates are not initialized, allows remote attackers to bypass access…
CVE-2023-45746 — CVSS 5.4 (medium): Cross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to inject an arbitrary script. Affected…
CVE-2020-5669 — CVSS 5.4 (medium): Cross-site scripting vulnerability in Movable Type Movable Type Premium 1.37 and earlier and Movable Type Premium Advanced 1.37 and earlier…
CVE-2020-5574 — CVSS 5.3 (medium): HTML attribute value injection vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable…
CVE-2012-1503 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject…
CVE-2008-5845 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Six Apart Movable Type (MT) before 4.23 allow remote attackers to inject arbitrary…
CVE-2008-5808 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Six Apart Movable Type Enterprise (MTE) 1.x before 1.56; Movable Type (MT) 3.x before 3.38; and…
CVE-2010-1985 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in Six Apart Movable Type 5.0 and 5.01 allow…
CVE-2011-5084 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to inject arbitrary…
CVE-2008-5846 — CVSS 4.0 (medium): Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for posts to bypass intended access…
CVE-2009-2492 — CVSS 2.6 (low): Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject…