8 vulnerabilities found for Movable Type Advanced by Six Apart, Ltd.

jvndb-2026-000050
Vulnerability from jvndb
Published
2026-04-08 16:15
Modified
2026-04-08 16:15
Summary
Multiple vulnerabilities in Movable Type
Details
The Listing Framework of Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below.
* Code injection (CWE-94) - CVE-2026-25776
* SQL injection (CWE-89) - CVE-2026-33088
CVE-2026-25776
Sho Odagiri of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to Six Apart Ltd. and coordinated. After the coordination was completed, Six Apart Ltd. reported the case to JPCERT/CC to notify users of the solution through JVN.
CVE-2026-33088
Six Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning Partnership.

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000050.html",
  "dc:date": "2026-04-08T16:15+09:00",
  "dcterms:issued": "2026-04-08T16:15+09:00",
  "dcterms:modified": "2026-04-08T16:15+09:00",
  "description": "The Listing Framework of Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below.\u003ca href=\u0027https://cwe.mitre.org/data/definitions/94.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/89.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003cul\u003e\u003cli\u003eCode injection (CWE-94) - CVE-2026-25776\u003c/li\u003e\u003cli\u003eSQL injection (CWE-89) - CVE-2026-33088\u003c/li\u003e\u003c/ul\u003eCVE-2026-25776\r\nSho Odagiri of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to Six Apart Ltd. and coordinated. After the coordination was completed, Six Apart Ltd. reported the case to JPCERT/CC to notify users of the solution through JVN.\r\n\r\nCVE-2026-33088\r\nSix Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000050.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:sixapart:movable_type",
      "@product": "Movable Type",
      "@vendor": "Six Apart, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sixapart:movable_type_advanced",
      "@product": "Movable Type Advanced",
      "@vendor": "Six Apart, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sixapart:movable_type_premium",
      "@product": "Movable Type Premium",
      "@vendor": "Six Apart, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sixapart:movable_type_premium_advanced",
      "@product": "Movable Type Premium (Advanced Edition)",
      "@vendor": "Six Apart, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sixapart:movable_type_premium_mt8base",
      "@product": "Movable Type Premium MT8-based",
      "@vendor": "Six Apart, Ltd.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "9.8",
    "@severity": "Critical",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2026-000050",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN66473735/index.html",
      "@id": "JVN#66473735",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-25776",
      "@id": "CVE-2026-25776",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-33088",
      "@id": "CVE-2026-33088",
      "@source": "CVE"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-89",
      "@title": "SQL Injection(CWE-89)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-94",
      "@title": "Code Injection(CWE-94)"
    }
  ],
  "title": "Multiple vulnerabilities in Movable Type"
}

jvndb-2026-000020
Vulnerability from jvndb
Published
2026-02-04 16:15
Modified
2026-02-04 16:15
Summary
Multiple vulnerabilities in Movable Type
Details
Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below.
* Stored cross-site scripting vulnerability in Edit Comment (CWE-79) - CVE-2026-21393
* Stored cross-site scripting vulnerability in Export Sites (CWE-79) - CVE-2026-22875
* Unrestricted upload of file with dangerous type (CWE-434) - CVE-2026-23704
* Improper neutralization of formula elements in a CSV file (CWE-1236) - CVE-2026-24447
CVE-2026-21393, CVE-2026-22875
Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA.
CVE-2026-23704, CVE-2026-24447
Six Apart Ltd. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning Partnership.

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000020.html",
  "dc:date": "2026-02-04T16:15+09:00",
  "dcterms:issued": "2026-02-04T16:15+09:00",
  "dcterms:modified": "2026-02-04T16:15+09:00",
  "description": "Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below.\u003cul\u003e\u003cli\u003eStored cross-site scripting vulnerability in Edit Comment (CWE-79) - CVE-2026-21393\u003c/li\u003e\u003cli\u003eStored cross-site scripting vulnerability in Export Sites (CWE-79) - CVE-2026-22875\u003c/li\u003e\u003cli\u003eUnrestricted upload of file with dangerous type (CWE-434) - CVE-2026-23704\u003c/li\u003e\u003cli\u003eImproper neutralization of formula elements in a CSV file (CWE-1236) - CVE-2026-24447\u003c/li\u003e\u003c/ul\u003eCVE-2026-21393, CVE-2026-22875\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA.\r\n\r\nCVE-2026-23704, CVE-2026-24447\r\nSix Apart Ltd. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\nJPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000020.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:sixapart:movable_type",
      "@product": "Movable Type",
      "@vendor": "Six Apart, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sixapart:movable_type_advanced",
      "@product": "Movable Type Advanced",
      "@vendor": "Six Apart, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sixapart:movable_type_premium",
      "@product": "Movable Type Premium",
      "@vendor": "Six Apart, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sixapart:movable_type_premium_advanced",
      "@product": "Movable Type Premium (Advanced Edition)",
      "@vendor": "Six Apart, Ltd.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "6.5",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2026-000020",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN45405689/index.html",
      "@id": "JVN#45405689",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-21393",
      "@id": "CVE-2026-21393",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-22875",
      "@id": "CVE-2026-22875",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-23704",
      "@id": "CVE-2026-23704",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-24447",
      "@id": "CVE-2026-24447",
      "@source": "CVE"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in Movable Type"
}

jvndb-2025-000090
Vulnerability from jvndb
Published
2025-10-22 13:54
Modified
2025-10-22 13:54
Summary
Multiple stored cross-site scripting vulnerabilities in Movable Type
Details
Movable Type provided by Six Apart Ltd. contains multiple stored cross-site scripting vulnerabilities listed below.
* Stored cross-site scripting vulnerability in Edit ContentData page (CWE-79) - CVE-2025-54856
* Stored cross-site scripting vulnerability in Edit CategorySet of ContentType page (CWE-79) - CVE-2025-62499
Six Apart Ltd. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning Partnership.

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000090.html",
  "dc:date": "2025-10-22T13:54+09:00",
  "dcterms:issued": "2025-10-22T13:54+09:00",
  "dcterms:modified": "2025-10-22T13:54+09:00",
  "description": "Movable Type provided by Six Apart Ltd. contains multiple stored cross-site scripting vulnerabilities listed below.\r\n\u003cul\u003e\r\n\u003cli\u003eStored cross-site scripting vulnerability in Edit ContentData page (CWE-79) - CVE-2025-54856\u003c/li\u003e\r\n\u003cli\u003eStored cross-site scripting vulnerability in Edit CategorySet of ContentType page (CWE-79) - CVE-2025-62499\u003c/li\u003e\r\n\u003c/ul\u003e\r\nSix Apart Ltd. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.\r\nJPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000090.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:sixapart:movable_type",
      "@product": "Movable Type",
      "@vendor": "Six Apart, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sixapart:movable_type_advanced",
      "@product": "Movable Type Advanced",
      "@vendor": "Six Apart, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sixapart:movable_type_premium",
      "@product": "Movable Type Premium",
      "@vendor": "Six Apart, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sixapart:movable_type_premium_advanced",
      "@product": "Movable Type Premium (Advanced Edition)",
      "@vendor": "Six Apart, Ltd.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "4.8",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2025-000090",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN24333679/index.html",
      "@id": "JVN#24333679",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-54856",
      "@id": "CVE-2025-54856",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-62499",
      "@id": "CVE-2025-62499",
      "@source": "CVE"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Multiple stored cross-site scripting vulnerabilities in Movable Type"
}

jvndb-2025-000061
Vulnerability from jvndb
Published
2025-08-20 15:30
Modified
2025-08-20 15:30
Summary
Multiple vulnerabilities in Movable Type
Details
Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below.
* Use of less trusted source (CWE-348) - CVE-2025-53522
* Open redirect (CWE-601) - CVE-2025-55706
Six Apart Ltd. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning Partnership.

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000061.html",
  "dc:date": "2025-08-20T15:30+09:00",
  "dcterms:issued": "2025-08-20T15:30+09:00",
  "dcterms:modified": "2025-08-20T15:30+09:00",
  "description": "Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below.\r\n\u003cul\u003e\u003cli\u003eUse of less trusted source (CWE-348) - CVE-2025-53522\u003c/li\u003e\r\n\u003cli\u003eOpen redirect (CWE-601) - CVE-2025-55706\u003c/li\u003e\u003c/ul\u003e\r\nSix Apart Ltd. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.\r\nJPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000061.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:sixapart:movable_type",
      "@product": "Movable Type",
      "@vendor": "Six Apart, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sixapart:movable_type_advanced",
      "@product": "Movable Type Advanced",
      "@vendor": "Six Apart, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sixapart:movable_type_premium",
      "@product": "Movable Type Premium",
      "@vendor": "Six Apart, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sixapart:movable_type_premium_advanced",
      "@product": "Movable Type Premium (Advanced Edition)",
      "@vendor": "Six Apart, Ltd.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "5.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2025-000061",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN76729865/index.html",
      "@id": "JVN#76729865",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-53522",
      "@id": "CVE-2025-53522",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-55706",
      "@id": "CVE-2025-55706",
      "@source": "CVE"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in Movable Type"
}

jvndb-2025-000014
Vulnerability from jvndb
Published
2025-02-19 16:19
Modified
2025-02-19 16:19
Summary
Multiple cross-site scripting vulnerabilities in Movable Type
Details
Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities listed below.
* Stored cross-site scripting vulnerability in the custom block edit page of MT Block Editor (CWE-79) - CVE-2025-22888
* Stored cross-site scripting vulnerability in the HTML edit mode of MT Block Editor (CWE-79) - CVE-2025-24841
  * affected when TinyMCE6 is used as a rich text editor
* Reflected cross-site scripting vulnerability in the user information edit page (CWE-79) - CVE-2025-25054
  * affected when Multi-Factor authentication plugin for Sign-in is enabled
LEE BEOMSEOK of KOIWAI DAIRY PRODUCTS CO., LTD. found and reported CVE-2025-25054 to Six Apart Ltd. directly. Six Apart Ltd. found CVE-2025-22888 and CVE-2025-24841. Six Apart Ltd. coordinated with JPCERT/CC to notify users of the solution through JVN.

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000014.html",
  "dc:date": "2025-02-19T16:19+09:00",
  "dcterms:issued": "2025-02-19T16:19+09:00",
  "dcterms:modified": "2025-02-19T16:19+09:00",
  "description": "Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities listed below.\r\n\u003cul\u003e\u003cli\u003eStored cross-site scripting vulnerability in the custom block edit page of MT Block Editor (CWE-79) - CVE-2025-22888\u003c/li\u003e\r\n\u003cli\u003eStored cross-site scripting vulnerability in the HTML edit mode of MT Block Editor (CWE-79) - CVE-2025-24841\u003c/li\u003e\r\n\u003cul\u003e\u003cli\u003eaffected when TinyMCE6 is used as a rich text editor\u003c/li\u003e\u003c/ul\u003e\r\n\u003cli\u003eReflected cross-site scripting vulnerability in the user information edit page (CWE-79) - CVE-2025-25054\u003c/li\u003e\r\n\u003cul\u003e\u003cli\u003eaffected when Multi-Factor authentication plugin for Sign-in is enabled\u003c/li\u003e\u003c/ul\u003e\u003c/ul\u003e\r\n\r\nLEE BEOMSEOK of KOIWAI DAIRY PRODUCTS CO., LTD. found and reported CVE-2025-25054 to Six Apart Ltd. directly.\r\nSix Apart Ltd. found CVE-2025-22888 and CVE-2025-24841.\r\nSix Apart Ltd. coordinated with JPCERT/CC to notify users of the solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000014.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:sixapart:movable_type",
      "@product": "Movable Type",
      "@vendor": "Six Apart, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sixapart:movable_type_advanced",
      "@product": "Movable Type Advanced",
      "@vendor": "Six Apart, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sixapart:movable_type_premium",
      "@product": "Movable Type Premium",
      "@vendor": "Six Apart, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sixapart:movable_type_premium_advanced",
      "@product": "Movable Type Premium (Advanced Edition)",
      "@vendor": "Six Apart, Ltd.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "6.1",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2025-000014",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN48742353/index.html",
      "@id": "JVN#48742353",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-22888",
      "@id": "CVE-2025-22888",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-24841",
      "@id": "CVE-2025-24841",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-25054",
      "@id": "CVE-2025-25054",
      "@source": "CVE"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Multiple cross-site scripting vulnerabilities in Movable Type"
}

jvndb-2023-000105
Vulnerability from jvndb
Published
2023-10-25 15:18
Modified
2024-05-10 17:47
Summary
Movable Type vulnerable to cross-site scripting
Details
Movable Type provided by Six Apart Ltd. contains a cross-site scripting vulnerability (CWE-79). Six Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning Partnership.

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000105.html",
  "dc:date": "2024-05-10T17:47+09:00",
  "dcterms:issued": "2023-10-25T15:18+09:00",
  "dcterms:modified": "2024-05-10T17:47+09:00",
  "description": "Movable Type provided by Six Apart Ltd. contains a cross-site scripting vulnerability (CWE-79).\r\n\r\nSix Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000105.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:sixapart:movable_type",
      "@product": "Movable Type",
      "@vendor": "Six Apart, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sixapart:movable_type_advanced",
      "@product": "Movable Type Advanced",
      "@vendor": "Six Apart, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sixapart:movable_type_premium",
      "@product": "Movable Type Premium",
      "@vendor": "Six Apart, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sixapart:movable_type_premium_advanced",
      "@product": "Movable Type Premium (Advanced Edition)",
      "@vendor": "Six Apart, Ltd.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "3.5",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "5.4",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2023-000105",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN39139884/index.html",
      "@id": "JVN#39139884",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-45746",
      "@id": "CVE-2023-45746",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-45746",
      "@id": "CVE-2023-45746",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Movable Type vulnerable to cross-site scripting"
}

jvndb-2021-000017
Vulnerability from jvndb
Published
2021-02-24 15:20
Modified
2021-02-24 15:20
Summary
Multiple cross-site scripting vulnerabilities in Movable Type
Details
Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities listed below.
* Cross-site scripting vulnerability in Role authority setting screen (CWE-79) - CVE-2021-20663
* Cross-site scripting vulnerability in Asset registration screen (CWE-79) - CVE-2021-20664
* Cross-site scripting vulnerability in Add asset screen of Contents field (CWE-79) - CVE-2021-20665
Six Apart Ltd. reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning Partnership.

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000017.html",
  "dc:date": "2021-02-24T15:20+09:00",
  "dcterms:issued": "2021-02-24T15:20+09:00",
  "dcterms:modified": "2021-02-24T15:20+09:00",
  "description": "Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities listed below.\r\n*Cross-site scripting vulnerability in Role authority setting screen (CWE-79) - CVE-2021-20663\r\n*Cross-site scripting vulnerability in Asset registration screen (CWE-79) - CVE-2021-20664\r\n*Cross-site scripting vulnerability in Add asset screen of Contents field (CWE-79) - CVE-2021-20665\r\n\r\nSix Apart Ltd. reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000017.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:sixapart:movable_type",
      "@product": "Movable Type",
      "@vendor": "Six Apart, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sixapart:movable_type_advanced",
      "@product": "Movable Type Advanced",
      "@vendor": "Six Apart, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sixapart:movable_type_premium",
      "@product": "Movable Type Premium",
      "@vendor": "Six Apart, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sixapart:movable_type_premium_advanced",
      "@product": "Movable Type Premium (Advanced Edition)",
      "@vendor": "Six Apart, Ltd.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "2.6",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "6.1",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2021-000017",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN66542874/index.html",
      "@id": "JVN#66542874",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20663",
      "@id": "CVE-2021-20663",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20664",
      "@id": "CVE-2021-20664",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20665",
      "@id": "CVE-2021-20665",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20663",
      "@id": "CVE-2021-20663",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20664",
      "@id": "CVE-2021-20664",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20665",
      "@id": "CVE-2021-20665",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Multiple cross-site scripting vulnerabilities in Movable Type"
}

jvndb-2020-000009
Vulnerability from jvndb
Published
2020-02-06 12:29
Modified
2020-02-06 12:29
Summary
Movable Type vulnerable to cross-site scripting
Details
Movable Type provided by Six Apart Ltd. contains a cross-site scripting vulnerability (CWE-79) in block editor and rich text editor. Six Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning Partnership.

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000009.html",
  "dc:date": "2020-02-06T12:29+09:00",
  "dcterms:issued": "2020-02-06T12:29+09:00",
  "dcterms:modified": "2020-02-06T12:29+09:00",
  "description": "Movable Type provided by Six Apart Ltd. contains a cross-site scripting vulnerability (CWE-79) in block editor and rich text editor.\r\n\r\nSix Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000009.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:sixapart:movable_type",
      "@product": "Movable Type",
      "@vendor": "Six Apart, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sixapart:movable_type_advanced",
      "@product": "Movable Type Advanced",
      "@vendor": "Six Apart, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sixapart:movable_type_premium",
      "@product": "Movable Type Premium",
      "@vendor": "Six Apart, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sixapart:movable_type_premium_advanced",
      "@product": "Movable Type Premium (Advanced Edition)",
      "@vendor": "Six Apart, Ltd.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "2.6",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "6.1",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2020-000009",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN94435544/index.html",
      "@id": "JVN#94435544",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5528",
      "@id": "CVE-2020-5528",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5528",
      "@id": "CVE-2020-5528",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Movable Type vulnerable to cross-site scripting"
}