Filtered by vendor Six Apart Ltd
Subscriptions
Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24447 | 2 Six Apart, Six Apart Ltd | 2 Movable Type, Movable Type | 2026-02-04 | N/A |
| If a malformed data is input to the affected product, a CSV file downloaded from the affected product may contain such malformed data. When a victim user download and open such a CSV file, the embedded code may be executed in the user's environment. Note that Movable Type 7 series and 8.4 series, which are End-of-Life (EOL), are affected by the vulnerability as well. | ||||
| CVE-2026-23704 | 2 Six Apart, Six Apart Ltd | 2 Movable Type, Movable Type | 2026-02-04 | N/A |
| A non-administrative user can upload malicious files. When an administrator or the product accesses that file, an arbitrary script may be executed on the administrator's browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life (EOL), are affected by the vulnerability as well. | ||||
| CVE-2026-21393 | 2 Six Apart, Six Apart Ltd | 2 Movable Type, Movable Type | 2026-02-04 | N/A |
| Movable Type contains a stored cross-site scripting vulnerability in Edit Comment. If crafted input is stored by an attacker, arbitrary script may be executed on a logged-in user's web browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life (EOL), are affected by the vulnerability as well. | ||||
| CVE-2026-22875 | 2 Six Apart, Six Apart Ltd | 2 Movable Type, Movable Type | 2026-02-04 | N/A |
| Movable Type contains a stored cross-site scripting vulnerability in Export Sites. If crafted input is stored by an attacker, arbitrary script may be executed on a logged-in user's web browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life (EOL), are affected by the vulnerability as well. | ||||
| CVE-2025-55706 | 1 Six Apart Ltd | 1 Movable Type | 2025-08-21 | N/A |
| URL redirection to untrusted site ('Open Redirect') issue exists in Movable Type. If this vulnerability is exploited, an invalid parameter may be inserted into the password reset page, which may lead to redirection to an arbitrary URL. | ||||
| CVE-2025-53522 | 1 Six Apart Ltd | 1 Movable Type | 2025-08-21 | N/A |
| Movable Type contains an issue with use of less trusted source. If exploited, tampered email to reset a password may be sent by a remote unauthenticated attacker. | ||||
| CVE-2007-0604 | 1 Six Apart Ltd | 1 Movable Type | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in Movable Type (MT) before 3.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the MTCommentPreviewIsStatic tag, which can open the "comment entry screen," a different vulnerability than CVE-2007-0231. | ||||
| CVE-2009-2492 | 3 Six Apart, Six Apart Ltd, Sixapart | 3 Movable Type, Movable Type, Movable Type | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480. | ||||
Page 1 of 1.