{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "description", "text": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in Six Apart Movable Type 5.0 and 5.01 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.", "title": "Vulnerability Description" } ], "publisher": { "category": "other", "contact_details": "gdt@cpan.org", "name": "giterlizzi", "namespace": "https://github.com/giterlizzi/" }, "references": [ { "category": "self", "summary": "CPANSA-MT-2010-1985 JSON", "url": "https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2010/cpansa-mt-2010-1985.json" }, { "category": "external", "summary": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000017.html", "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000017.html" }, { "category": "external", "summary": "http://www.movabletype.com/blog/2010/05/movable-type-502.html", "url": "http://www.movabletype.com/blog/2010/05/movable-type-502.html" }, { "category": "external", "summary": "http://www.vupen.com/english/advisories/2010/1136", "url": "http://www.vupen.com/english/advisories/2010/1136" }, { "category": "external", "summary": "http://secunia.com/advisories/39741", "url": "http://secunia.com/advisories/39741" }, { "category": "external", "summary": "http://www.movabletype.org/documentation/appendices/release-notes/movable-type-502.html", "url": "http://www.movabletype.org/documentation/appendices/release-notes/movable-type-502.html" }, { "category": "external", "summary": "http://jvn.jp/en/jp/JVN92854093/index.html", "url": "http://jvn.jp/en/jp/JVN92854093/index.html" }, { "category": "external", "summary": "CVE-2010-1985 (NVD)", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1985" } ], "title": "MT vulnerability", "tracking": { "current_release_date": "2010-05-19T00:00:00", "generator": { "engine": { "name": "CSAF Perl Toolkit", "version": "0.26" } }, "id": "CPANSA-MT-2010-1985", "initial_release_date": "2010-05-19T00:00:00", "revision_history": [ { "date": "2010-05-19T00:00:00", "number": "1", "summary": "First release" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:cpan/>=5.0|<=5.01", "product": { "name": "MT greater than or equal 5.0 and less than or equal 5.01", "product_id": "CSAFPID-0001" } } ], "category": "product_name", "name": "MT" } ] }, "vulnerabilities": [ { "cve": "CVE-2010-1985", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" }, "notes": [ { "category": "description", "text": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in Six Apart Movable Type 5.0 and 5.01 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "scores": [ { "cvss_v2": { "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "CSAFPID-0001" ] } ] } ] }