| VID |
210122 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
A version of Movable Type which is older than version 4.36 / 5.05 is detected as installed on the host. Movable Type is a weblog publishing software written in Perl. The version of Movable Type running on the remote host has a cross-site scripting vulnerability in 'mt-comments.cgi'. Input to the 'static' parameter is not sanitized.
A remote attacker could exploit this by tricking a user into making a specially crafted request, resulting in the execution of arbitrary script code.
* Note: This check solely relied on the version number of Movable Type on the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
http://www.movabletype.org/2011/05/movable_type_51_and_505_436_security_update.html
* Platforms Affected:
Movable Type versions prior to 4.36 / 5.05
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Movable Type (4.36 / 5.05 or later), available from the Movable Type Web site at http://www.sixapart.com/movabletype/ |
| Related URL |
(CVE) |
| Related URL |
47997 (SecurityFocus) |
| Related URL |
(ISS) |
|
