| ID |
CVE-2025-62499
|
| Sažetak |
Movable Type contains a stored cross-site scripting vulnerability in Edit CategorySet of ContentType page. If crafted input is stored by an attacker with "ContentType Management" privilege, an arbitrary script may be executed on the web browser of the user who accesses Edit CategorySet of ContentType page. |
| Reference |
|
| CVSS |
| Base: | 4.8 |
| Impact: | 2.7 |
| Exploitability: | 1.7 |
|
| Pristup |
| Vektor | Složenost | Autentikacija |
| NETWORK |
LOW |
HIGH |
|
| Impact |
| Povjerljivost | Cjelovitost | Dostupnost |
| LOW |
LOW |
NONE |
|
| CVSS vektor |
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
| Zadnje važnije ažuriranje |
27-10-2025 - 13:20 |
| Objavljeno |
23-10-2025 - 05:15 |
