GCVE - cpe:2.3:a:movabletype:movable_type_pro:4.26:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:movabletype:movable_type_pro:4.26:*:*:*:*:*:*:*

part: a version: 4.26 update: *

Vendor	Movabletype (`a77b6415-3371-58da-be0e-a35cdecaf67b`)
Product	Movable Type Pro (`fb9337fd-bf2a-5da4-bd25-dfb9d56a82a1`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2012-1497`	vulnerable	2026-06-08 05:00:49.026535	Details available The default configuration of Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 supports the "mt:Include file=" attribute, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files by leveraging the template-designer role. Published: 2012-03-03T02:00:00.000Z Updated: 2024-08-06T19:01:01.548Z Open on db.gcve.eu Reference links http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html http://www.debian.org/security/2012/dsa-2423 http://www.movabletype.org/documentation/appendices/release-notes/513.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-1262`	vulnerable	2026-06-08 05:00:48.481055	Details available Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.cgi in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the dbuser parameter, a different vulnerability than CVE-2012-0318. Published: 2012-03-03T02:00:00.000Z Updated: 2024-08-06T18:53:36.422Z Open on db.gcve.eu Reference links http://packetstormsecurity.org/files/110203/Movable-Type-Publishing-Platform-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2012/Feb/407 http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html http://www.securityfocus.com/bid/52138 http://www.debian.org/security/2012/dsa-2423	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-0319`	vulnerable	2026-06-08 05:00:40.796191	Details available The file-management system in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote authenticated users to execute arbitrary commands by leveraging the file-upload feature, related to an "OS Command Injection" issue. Published: 2012-03-03T02:00:00.000Z Updated: 2024-08-06T18:23:30.399Z Open on db.gcve.eu Reference links http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html http://jvndb.jvn.jp/jvndb/JVNDB-2012-000017 http://www.securityfocus.com/bid/52138 http://www.debian.org/security/2012/dsa-2423 http://www.securitytracker.com/id?1026738	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-0318`	vulnerable	2026-06-08 05:00:40.780395	Details available Multiple cross-site scripting (XSS) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to inject arbitrary web script or HTML via vectors involving templates, a different issue than CVE-2012-1262. Published: 2012-03-03T02:00:00.000Z Updated: 2024-08-06T18:23:30.910Z Open on db.gcve.eu Reference links http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html http://www.securityfocus.com/bid/52138 http://www.debian.org/security/2012/dsa-2423 http://www.securitytracker.com/id?1026738 http://www.movabletype.org/documentation/appendices/release-notes/513.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.