Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0318

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-0318
Last Modified 20 Sep 2012 11:23:47
Published 02 Mar 2012 11:04:57
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-0318

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to inject arbitrary web script or HTML via vectors involving templates, a different issue than CVE-2012-1262.

Vulnerable Systems

Application

  • Movabletype Movable Type Advanced 4.0

  • Movabletype Movable Type Advanced 4.01

  • Movabletype Movable Type Advanced 4.1

  • Movabletype Movable Type Advanced 4.2

  • Movabletype Movable Type Advanced 4.23

  • Movabletype Movable Type Advanced 4.25

  • Movabletype Movable Type Advanced 4.26

  • Movabletype Movable Type Advanced 4.261

  • Movabletype Movable Type Advanced 4.3

  • Movabletype Movable Type Advanced 4.31

  • Movabletype Movable Type Advanced 4.32

  • Movabletype Movable Type Advanced 4.33

  • Movabletype Movable Type Advanced 4.34

  • Movabletype Movable Type Advanced 4.35

  • Movabletype Movable Type Advanced 4.36

  • Movabletype Movable Type Advanced 4.361

  • Movabletype Movable Type Advanced 4.37

  • Movabletype Movable Type Advanced 5.02

  • Movabletype Movable Type Advanced 5.03

  • Movabletype Movable Type Advanced 5.031

  • Movabletype Movable Type Advanced 5.04

  • Movabletype Movable Type Advanced 5.05

  • Movabletype Movable Type Advanced 5.051

  • Movabletype Movable Type Advanced 5.06

  • Movabletype Movable Type Advanced 5.1

  • Movabletype Movable Type Advanced 5.11

  • Movabletype Movable Type Advanced 5.12

  • Movabletype Movable Type Enterprise 4.0

  • Movabletype Movable Type Enterprise 4.01

  • Movabletype Movable Type Enterprise 4.1

  • Movabletype Movable Type Enterprise 4.2

  • Movabletype Movable Type Enterprise 4.23

  • Movabletype Movable Type Enterprise 4.25

  • Movabletype Movable Type Enterprise 4.26

  • Movabletype Movable Type Enterprise 4.261

  • Movabletype Movable Type Enterprise 4.3

  • Movabletype Movable Type Enterprise 4.31

  • Movabletype Movable Type Enterprise 4.32

  • Movabletype Movable Type Enterprise 4.33

  • Movabletype Movable Type Enterprise 4.34

  • Movabletype Movable Type Enterprise 4.35

  • Movabletype Movable Type Enterprise 4.36

  • Movabletype Movable Type Enterprise 4.361

  • Movabletype Movable Type Enterprise 4.37

  • Movabletype Movable Type Enterprise 5.02

  • Movabletype Movable Type Enterprise 5.03

  • Movabletype Movable Type Enterprise 5.031

  • Movabletype Movable Type Enterprise 5.04

  • Movabletype Movable Type Enterprise 5.05

  • Movabletype Movable Type Enterprise 5.051

  • Movabletype Movable Type Enterprise 5.06

  • Movabletype Movable Type Enterprise 5.1

  • Movabletype Movable Type Enterprise 5.11

  • Movabletype Movable Type Enterprise 5.12

  • Movabletype Movable Type Open Source 4.0

  • Movabletype Movable Type Open Source 4.01

  • Movabletype Movable Type Open Source 4.1

  • Movabletype Movable Type Open Source 4.2

  • Movabletype Movable Type Open Source 4.23

  • Movabletype Movable Type Open Source 4.25

  • Movabletype Movable Type Open Source 4.26

  • Movabletype Movable Type Open Source 4.261

  • Movabletype Movable Type Open Source 4.3

  • Movabletype Movable Type Open Source 4.31

  • Movabletype Movable Type Open Source 4.32

  • Movabletype Movable Type Open Source 4.33

  • Movabletype Movable Type Open Source 4.34

  • Movabletype Movable Type Open Source 4.35

  • Movabletype Movable Type Open Source 4.36

  • Movabletype Movable Type Open Source 4.361

  • Movabletype Movable Type Open Source 4.37

  • Movabletype Movable Type Open Source 5.02

  • Movabletype Movable Type Open Source 5.03

  • Movabletype Movable Type Open Source 5.031

  • Movabletype Movable Type Open Source 5.04

  • Movabletype Movable Type Open Source 5.05

  • Movabletype Movable Type Open Source 5.051

  • Movabletype Movable Type Open Source 5.06

  • Movabletype Movable Type Open Source 5.1

  • Movabletype Movable Type Open Source 5.11

  • Movabletype Movable Type Open Source 5.12

  • Movabletype Movable Type Pro 4.0

  • Movabletype Movable Type Pro 4.01

  • Movabletype Movable Type Pro 4.1

  • Movabletype Movable Type Pro 4.2

  • Movabletype Movable Type Pro 4.23

  • Movabletype Movable Type Pro 4.25

  • Movabletype Movable Type Pro 4.26

  • Movabletype Movable Type Pro 4.261

  • Movabletype Movable Type Pro 4.3

  • Movabletype Movable Type Pro 4.31

  • Movabletype Movable Type Pro 4.32

  • Movabletype Movable Type Pro 4.33

  • Movabletype Movable Type Pro 4.34

  • Movabletype Movable Type Pro 4.35

  • Movabletype Movable Type Pro 4.36

  • Movabletype Movable Type Pro 4.361

  • Movabletype Movable Type Pro 4.37

  • Movabletype Movable Type Pro 5.02

  • Movabletype Movable Type Pro 5.03

  • Movabletype Movable Type Pro 5.031

  • Movabletype Movable Type Pro 5.04

  • Movabletype Movable Type Pro 5.05

  • Movabletype Movable Type Pro 5.051

  • Movabletype Movable Type Pro 5.06

  • Movabletype Movable Type Pro 5.1

  • Movabletype Movable Type Pro 5.11

  • Movabletype Movable Type Pro 5.12


References

CONFIRM - http://www.movabletype.org/documentation/appendices/release-notes/513.html

CONFIRM - http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html

JVNDB - JVNDB-2012-000016

JVN - JVN#49836527

SECTRACK - 1026738

BID - 52138


Last Updated: 27 May 2016 10:58:20