oss-sec mailing list archives

Re: CVE Request: cross-site scripting vulnerabilities in movable type 6.0.1, 5.2.9, and 5.161

From: cve-assign () mitre org
Date: Tue, 7 Jan 2014 17:05:10 -0500 (EST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A movable type update to 6.0.1, 5.29 and 5.161 fixes cross-site
scripting attacks, from the announcement:

The Rich Text Editor in previous versions of Movable Type 6 and
Movable Type 5 are susceptible to cross-site scripting (XSS) attacks.


Use CVE-2014-0977.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJSzHnQAAoJEKllVAevmvmsSxwIAK3XmQVzjWymnfgO4yOwUED4
W36oPPz6Kz4cP6Hd/m2FrVo5HxzbONHmrovZZ4gx2QPPD2xXvXGq9u4QSsUXkeLM
gTTC2TwWFIXpceqw8tFJbNadJNe/tce1fckoQx+ZZcbvftOk60cEe5dxH6YF90Ku
AezYNomQ0H9ho6MvzVwuHmKt/1BTIkPUgxP87SaRvn57zVday84dz9sQxn68LgI+
0lPRmVUmzLp1XtYaL5CuD6m/R6ilkKbpnZ69sJHw4GIIKrye9D+On/psm6IBzeml
zpPC/bQKMVqN/UzdHN6sCRpSXBkXVc4LeWglvygi9w94HGUGfokL1hEpjUp5MGY=
=XDcq
-----END PGP SIGNATURE-----

Current thread:

CVE Request: cross-site scripting vulnerabilities in movable type 6.0.1, 5.2.9, and 5.161 Salvatore Bonaccorso (Jan 05)
- Re: CVE Request: cross-site scripting vulnerabilities in movable type 6.0.1, 5.2.9, and 5.161 cve-assign (Jan 07)