| |
Vulnerability CVE-2007-0604
Published: 2007-01-30 Modified: 2012-02-12
| Description: |
Cross-site scripting (XSS) vulnerability in Movable Type (MT) before 3.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the MTCommentPreviewIsStatic tag, which can open the "comment entry screen," a different vulnerability than CVE-2007-0231. |
CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
6.8/10 |
6.4/10 |
8.6/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Medium |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
Partial |
References: |
http://www.sixapart.com/movabletype/beta/distros/MT-3.34-beta-Release-Notes.html
http://osvdb.org/32987
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
