Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5808

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-5808
Last Modified 14 May 2009 01:32:35
Published 02 Jan 2009 01:11:09
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-5808

Summary

Cross-site scripting (XSS) vulnerability in Six Apart Movable Type Enterprise (MTE) 1.x before 1.56; Movable Type (MT) 3.x before 3.38; and Movable Type, Movable Type Open Source (MTOS), and Movable Type Enterprise 4.x before 4.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to "application management."

Vulnerable Systems

Application

  • Six Apart Movable Type 4

  • Six Apart Movable Type 4.20

  • Sixapart Movable Type 1.00

  • Sixapart Movable Type 1.1

  • Sixapart Movable Type 1.2

  • Sixapart Movable Type 1.3

  • Sixapart Movable Type 1.31

  • Sixapart Movable Type 1.4

  • Sixapart Movable Type 1.5

  • Sixapart Movable Type 3.01d

  • Sixapart Movable Type 3.0d

  • Sixapart Movable Type 3.1

  • Sixapart Movable Type 3.11

  • Sixapart Movable Type 3.12

  • Sixapart Movable Type 3.14

  • Sixapart Movable Type 3.15

  • Sixapart Movable Type 3.16

  • Sixapart Movable Type 3.17

  • Sixapart Movable Type 3.2

  • Sixapart Movable Type 3.3

  • Sixapart Movable Type 3.32

  • Sixapart Movable Type 3.33

  • Sixapart Movable Type 3.34

  • Sixapart Movable Type 3.35


References

XF - movable-type-unspecified-xss(47019)

BID - 32604

CONFIRM - http://www.movabletype.jp/blog/_movable_type_423.html

SECUNIA - 32935

JVNDB - JVNDB-2008-000067

JVN - JVN#02216739


Last Updated: 27 May 2016 10:48:56