CNNVD-202510-3271 Information
CNNVD ID
CNNVD-202510-3271
Related CVE
- CNNVD Published: 2025-10-23
Description (Chinese)
Six Apart Movable Type是美国Six Apart公司的一个应用系统。提供包含多用户,评论,引用(TrackBack),主题等功能。 Six Apart Movable Type存在跨站脚本漏洞,该漏洞源于ContentType页面Edit CategorySet中存在存储型跨站脚本漏洞,可能导致执行任意脚本。
Description (English)
Six Apart Movable Type is an application system of the United States company Six Apart. Provides functions that include multiple users, comments, references (TrackBack), themes, etc. Six Apart Movable Type has a cross-site script loophole, which stems from the storage-type cross-site script gap in the ContentType page Edit StateSet, which may lead to the execution of any script.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
Six Apart
Published
2025-10-23
Last Modified
2026-02-24
References
https://jvn.jp/en/jp/JVN24333679/ https://movabletype.org/news/2025/10/mt-880-released.html https://www.sixapart.jp/movabletype/news/2025/10/22-1055.html
Patch
https://movabletype.org/news/2025/10/mt-880-released.html
Share on: