Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.3
CVE Id: CVE-2012-1262
Last Modified: 20 Sep 2012 11:25:13
Published: 02 Mar 2012 11:04:57
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-1262

Summary

Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.cgi in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the dbuser parameter, a different vulnerability than CVE-2012-0318.

Vulnerable Systems

Application

  • Movabletype Movable Type Advanced 4.0

  • Movabletype Movable Type Advanced 4.01

  • Movabletype Movable Type Advanced 4.1

  • Movabletype Movable Type Advanced 4.2

  • Movabletype Movable Type Advanced 4.23

  • Movabletype Movable Type Advanced 4.25

  • Movabletype Movable Type Advanced 4.26

  • Movabletype Movable Type Advanced 4.261

  • Movabletype Movable Type Advanced 4.3

  • Movabletype Movable Type Advanced 4.31

  • Movabletype Movable Type Advanced 4.32

  • Movabletype Movable Type Advanced 4.33

  • Movabletype Movable Type Advanced 4.34

  • Movabletype Movable Type Advanced 4.35

  • Movabletype Movable Type Advanced 4.36

  • Movabletype Movable Type Advanced 4.361

  • Movabletype Movable Type Advanced 4.37

  • Movabletype Movable Type Advanced 5.02

  • Movabletype Movable Type Advanced 5.03

  • Movabletype Movable Type Advanced 5.031

  • Movabletype Movable Type Advanced 5.04

  • Movabletype Movable Type Advanced 5.05

  • Movabletype Movable Type Advanced 5.051

  • Movabletype Movable Type Advanced 5.06

  • Movabletype Movable Type Advanced 5.1

  • Movabletype Movable Type Advanced 5.11

  • Movabletype Movable Type Advanced 5.12

  • Movabletype Movable Type Enterprise 4.0

  • Movabletype Movable Type Enterprise 4.01

  • Movabletype Movable Type Enterprise 4.1

  • Movabletype Movable Type Enterprise 4.2

  • Movabletype Movable Type Enterprise 4.23

  • Movabletype Movable Type Enterprise 4.25

  • Movabletype Movable Type Enterprise 4.26

  • Movabletype Movable Type Enterprise 4.261

  • Movabletype Movable Type Enterprise 4.3

  • Movabletype Movable Type Enterprise 4.31

  • Movabletype Movable Type Enterprise 4.32

  • Movabletype Movable Type Enterprise 4.33

  • Movabletype Movable Type Enterprise 4.34

  • Movabletype Movable Type Enterprise 4.35

  • Movabletype Movable Type Enterprise 4.36

  • Movabletype Movable Type Enterprise 4.361

  • Movabletype Movable Type Enterprise 4.37

  • Movabletype Movable Type Enterprise 5.02

  • Movabletype Movable Type Enterprise 5.03

  • Movabletype Movable Type Enterprise 5.031

  • Movabletype Movable Type Enterprise 5.04

  • Movabletype Movable Type Enterprise 5.05

  • Movabletype Movable Type Enterprise 5.051

  • Movabletype Movable Type Enterprise 5.06

  • Movabletype Movable Type Enterprise 5.1

  • Movabletype Movable Type Enterprise 5.11

  • Movabletype Movable Type Enterprise 5.12

  • Movabletype Movable Type Open Source 4.0

  • Movabletype Movable Type Open Source 4.01

  • Movabletype Movable Type Open Source 4.1

  • Movabletype Movable Type Open Source 4.2

  • Movabletype Movable Type Open Source 4.23

  • Movabletype Movable Type Open Source 4.25

  • Movabletype Movable Type Open Source 4.26

  • Movabletype Movable Type Open Source 4.261

  • Movabletype Movable Type Open Source 4.3

  • Movabletype Movable Type Open Source 4.31

  • Movabletype Movable Type Open Source 4.32

  • Movabletype Movable Type Open Source 4.33

  • Movabletype Movable Type Open Source 4.34

  • Movabletype Movable Type Open Source 4.35

  • Movabletype Movable Type Open Source 4.36

  • Movabletype Movable Type Open Source 4.361

  • Movabletype Movable Type Open Source 4.37

  • Movabletype Movable Type Open Source 5.02

  • Movabletype Movable Type Open Source 5.03

  • Movabletype Movable Type Open Source 5.031

  • Movabletype Movable Type Open Source 5.04

  • Movabletype Movable Type Open Source 5.05

  • Movabletype Movable Type Open Source 5.051

  • Movabletype Movable Type Open Source 5.06

  • Movabletype Movable Type Open Source 5.1

  • Movabletype Movable Type Open Source 5.11

  • Movabletype Movable Type Open Source 5.12

  • Movabletype Movable Type Pro 4.0

  • Movabletype Movable Type Pro 4.01

  • Movabletype Movable Type Pro 4.1

  • Movabletype Movable Type Pro 4.2

  • Movabletype Movable Type Pro 4.23

  • Movabletype Movable Type Pro 4.25

  • Movabletype Movable Type Pro 4.26

  • Movabletype Movable Type Pro 4.261

  • Movabletype Movable Type Pro 4.3

  • Movabletype Movable Type Pro 4.31

  • Movabletype Movable Type Pro 4.32

  • Movabletype Movable Type Pro 4.33

  • Movabletype Movable Type Pro 4.34

  • Movabletype Movable Type Pro 4.35

  • Movabletype Movable Type Pro 4.36

  • Movabletype Movable Type Pro 4.361

  • Movabletype Movable Type Pro 4.37

  • Movabletype Movable Type Pro 5.02

  • Movabletype Movable Type Pro 5.03

  • Movabletype Movable Type Pro 5.031

  • Movabletype Movable Type Pro 5.04

  • Movabletype Movable Type Pro 5.05

  • Movabletype Movable Type Pro 5.051

  • Movabletype Movable Type Pro 5.06

  • Movabletype Movable Type Pro 5.1

  • Movabletype Movable Type Pro 5.11

  • Movabletype Movable Type Pro 5.12


References

MISC - https://www.trustwave.com/spiderlabs/advisories/TWSL2012-003.txt

CONFIRM - http://www.movabletype.org/documentation/appendices/release-notes/513.html

CONFIRM - http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html

JVNDB - JVNDB-2012-000016

JVN - JVN#49836527

XF - movable-type-publishing-mtwizard-xss(73480)

XF - movable-type-mtwizard-xss(73411)

SECTRACK - 1026738

BID - 52138

FULLDISC - 20120224 TWSL2012-003: Cross-Site Scripting Vulnerability in Movable Type Publishing Platform

MISC - http://packetstormsecurity.org/files/110203/Movable-Type-Publishing-Platform-Cross-Site-Scripting.html

OSVDB - 79470


Last Updated: 27 May 2016 10:58:20