CVE-2014-0977 Information

Description

Cross-site scripting (XSS) vulnerability in the Rich Text Editor in Movable Type 5.0x 5.1x before 5.161 5.2.x before 5.2.9 and 6.0.x before 6.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Reference

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734304 http://movabletype.org/news/2013/11/movable_type_601_529_and_5161_released_to_close_security_vul.html http://seclists.org/oss-sec/2014/q1/24 http://seclists.org/oss-sec/2014/q1/36 http://secunia.com/advisories/56295 http://secunia.com/advisories/56405 http://www.debian.org/security/2014/dsa-2841 http://www.securityfocus.com/bid/64657 http://www.securitytracker.com/id/1029588 https://exchange.xforce.ibmcloud.com/vulnerabilities/90095