CVE-2008-5808

Sažetak

Cross-site scripting (XSS) vulnerability in Six Apart Movable Type Enterprise (MTE) 1.x before 1.56; Movable Type (MT) 3.x before 3.38; and Movable Type, Movable Type Open Source (MTOS), and Movable Type Enterprise 4.x before 4.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to "application management."

Reference

http://jvn.jp/en/jp/JVN02216739/index.html
http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000067.html
http://secunia.com/advisories/32935
http://www.movabletype.jp/blog/_movable_type_423.html
http://www.securityfocus.com/bid/32604
https://exchange.xforce.ibmcloud.com/vulnerabilities/47019

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

08-08-2017 - 01:33

Objavljeno

02-01-2009 - 18:11