CVE Request: cross-site scripting vulnerabilities in movable type 6.0.1, 5.2.9, and 5.161
From: Salvatore Bonaccorso <carnil () debian org>
Date: Mon, 6 Jan 2014 06:49:04 +0100
A Movable Type update to 6.0.1, 5.29 and 5.161 fixes cross-site
scripting attacks, from the announcement:
The Rich Text Editor in previous versions of Movable Type 6 and
Movable Type 5 are susceptible to cross-site scripting (XSS) attacks.
client browser when that page or entry is subsequently displayed in
the Rich Text Editor.
These vulnerabilities were reported by a member of the Movable Type
community, and were kept confidential until the release of the updated
versions of Movable Type.
Looking through the git repository at , there is at least  which
seems to indicate the fix for the 5.2.x branch (I cannot say though if
this is the complete one).
Debian Bugtracker reference is at .
Is there enough information to identify the vulnerability and to get a
CVE assigned for this issue?