{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section.", "title": "Vulnerability Description" } ], "publisher": { "category": "other", "contact_details": "gdt@cpan.org", "name": "giterlizzi", "namespace": "https://github.com/giterlizzi/" }, "references": [ { "category": "self", "summary": "CPANSA-MT-2012-1503 JSON", "url": "https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2014/cpansa-mt-2012-1503.json" }, { "category": "external", "summary": "http://www.cloudscan.me/2012/10/cve-2012-1503-movable-type-pro-513en.html", "url": "http://www.cloudscan.me/2012/10/cve-2012-1503-movable-type-pro-513en.html" }, { "category": "external", "summary": "http://packetstormsecurity.org/files/117564/Movable-Type-Pro-5.13en-Cross-Site-Scripting.html", "url": "http://packetstormsecurity.org/files/117564/Movable-Type-Pro-5.13en-Cross-Site-Scripting.html" }, { "category": "external", "summary": "http://www.exploit-db.com/exploits/22151", "url": "http://www.exploit-db.com/exploits/22151" }, { "category": "external", "summary": "http://osvdb.org/show/osvdb/86729", "url": "http://osvdb.org/show/osvdb/86729" }, { "category": "external", "summary": "http://www.securityfocus.com/bid/56160", "url": "http://www.securityfocus.com/bid/56160" }, { "category": "external", "summary": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79521", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79521" }, { "category": "external", "summary": "CVE-2012-1503 (NVD)", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1503" } ], "title": "MT vulnerability", "tracking": { "current_release_date": "2014-08-29T00:00:00", "generator": { "engine": { "name": "CSAF Perl Toolkit", "version": "0.26" } }, "id": "CPANSA-MT-2012-1503", "initial_release_date": "2014-08-29T00:00:00", "revision_history": [ { "date": "2014-08-29T00:00:00", "number": "1", "summary": "First release" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:cpan/=5.13", "product": { "name": "MT equal 5.13", "product_id": "CSAFPID-0001" } } ], "category": "product_name", "name": "MT" } ] }, "vulnerabilities": [ { "cve": "CVE-2012-1503", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" }, "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "scores": [ { "cvss_v2": { "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "CSAFPID-0001" ] } ] } ] }