| Max CVSS | 7.5 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2012-1497 | 4.0 |
The default configuration of Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 supports the "mt:Include file=" attribute, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files by levera
|
18-01-2018 - 02:29 | 03-03-2012 - 04:04 | |
| CVE-2012-1262 | 4.3 |
Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.cgi in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via t
|
18-01-2018 - 02:29 | 03-03-2012 - 04:04 | |
| CVE-2012-0320 | 7.5 |
Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote attackers to take control of sessions via unspecified vectors related to the (1) commenting feature and (2) community script.
|
18-01-2018 - 02:29 | 03-03-2012 - 04:04 | |
| CVE-2012-0317 | 6.8 |
Multiple cross-site request forgery (CSRF) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to hijack the authentication of arbitrary users for requests that modify data via the (1) commenting
|
18-01-2018 - 02:29 | 03-03-2012 - 04:04 | |
| CVE-2012-0319 | 6.5 |
The file-management system in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote authenticated users to execute arbitrary commands by leveraging the file-upload feature, related to an "OS Command Injection" issue.
|
18-01-2018 - 02:29 | 03-03-2012 - 04:04 | |
| CVE-2012-0318 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to inject arbitrary web script or HTML via vectors involving templates, a different issue than CVE-2012-126
|
18-01-2018 - 02:29 | 03-03-2012 - 04:04 |