Movable Type
Approved changes feed: RSS · Atom
cpe:2.3:a:six_apart_ltd.:movable_type:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Six Apart Ltd. (ecf3900e-a4ac-502e-b3ed-8ebfefccbb1e) |
|---|---|
| Product | Movable Type (190711b6-1725-5868-b6ff-d547ef0c3e39) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-44392 |
vulnerable | 2026-06-03 15:25:03.103002 |
Details available
MEDIUM (4.3)
Missing authorization vulnerability exists in Movable Type. Under certain conditions, when a user without administrator privileges signs in to the product, unintended update processing may be executed.
Published: 2026-05-20T05:28:14.892Z
Updated: 2026-05-20T13:04:04.783Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-33088 |
vulnerable | 2026-06-03 15:20:44.219892 |
Details available
HIGH (7.3)
Movable Type provided by Six Apart Ltd. contains an SQL Injection vulnerability which may allow an attacker to execute an arbitrary SQL statement.
Published: 2026-04-08T08:51:45.916Z
Updated: 2026-04-08T13:31:08.213Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-25776 |
vulnerable | 2026-06-03 15:18:04.038587 |
Details available
CRITICAL (9.8)
Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script.
Published: 2026-04-08T08:52:15.469Z
Updated: 2026-04-08T13:22:04.832Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-45122 |
vulnerable | 2026-06-03 14:48:23.753244 |
Details available
Cross-site scripting vulnerability in Movable Type Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.
Published: 2022-12-07T00:00:00.000Z
Updated: 2025-04-23T19:03:12.230Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-45113 |
vulnerable | 2026-06-03 14:48:23.746196 |
Details available
Improper validation of syntactic correctness of input vulnerability exist in Movable Type series. Having a user to access a specially crafted URL may allow a remote unauthenticated attacker to set a specially crafted URL to the Reset Password page and conduct a phishing attack. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier.
Published: 2022-12-07T00:00:00.000Z
Updated: 2025-04-23T15:50:21.256Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-43660 |
vulnerable | 2026-06-03 14:48:15.585561 |
Details available
Improper neutralization of Server-Side Includes (SSW) within a web page in Movable Type series allows a remote authenticated attacker with Privilege of 'Manage of Content Types' may execute an arbitrary Perl script and/or an arbitrary OS command. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier.
Published: 2022-12-07T00:00:00.000Z
Updated: 2025-04-23T14:10:58.447Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20837 |
vulnerable | 2026-06-03 14:43:43.291499 |
Details available
Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8.2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability.
Published: 2021-10-26T05:15:12.000Z
Updated: 2024-08-03T17:53:22.821Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20815 |
vulnerable | 2026-06-03 14:43:43.246862 |
Details available
Cross-site scripting vulnerability in Edit Boilerplate screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
Published: 2021-08-26T01:20:46.000Z
Updated: 2024-08-03T17:53:22.622Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20814 |
vulnerable | 2026-06-03 14:43:43.246540 |
Details available
Cross-site scripting vulnerability in Setting screen of ContentType Information Widget Plugin of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), and Movable Type Premium 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
Published: 2021-08-26T01:20:44.000Z
Updated: 2024-08-03T17:53:22.733Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20813 |
vulnerable | 2026-06-03 14:43:43.246245 |
Details available
Cross-site scripting vulnerability in Edit screen of Content Data of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series) and Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series)) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
Published: 2021-08-26T01:20:42.000Z
Updated: 2024-08-03T17:53:22.533Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20812 |
vulnerable | 2026-06-03 14:43:43.245936 |
Details available
Cross-site scripting vulnerability in Setting screen of Server Sync of Movable Type (Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series) and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
Published: 2021-08-26T01:20:41.000Z
Updated: 2024-08-03T17:53:22.692Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20811 |
vulnerable | 2026-06-03 14:43:43.245602 |
Details available
Cross-site scripting vulnerability in List of Assets screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
Published: 2021-08-26T01:20:39.000Z
Updated: 2024-08-03T17:53:22.560Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20810 |
vulnerable | 2026-06-03 14:43:43.245230 |
Details available
Cross-site scripting vulnerability in Website Management screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
Published: 2021-08-26T01:20:38.000Z
Updated: 2024-08-03T17:53:22.466Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20809 |
vulnerable | 2026-06-03 14:43:43.244802 |
Details available
Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
Published: 2021-08-26T01:20:35.000Z
Updated: 2024-08-03T17:53:22.889Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20808 |
vulnerable | 2026-06-03 14:43:43.241306 |
Details available
Cross-site scripting vulnerability in Search screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
Published: 2021-08-26T01:20:32.000Z
Updated: 2024-08-03T17:53:23.060Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20665 |
vulnerable | 2026-06-03 14:43:42.619907 |
Details available
Cross-site scripting vulnerability in in Add asset screen of Contents field of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
Published: 2021-03-05T09:20:21.000Z
Updated: 2024-08-03T17:45:45.209Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20664 |
vulnerable | 2026-06-03 14:43:42.619530 |
Details available
Cross-site scripting vulnerability in in Asset registration screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
Published: 2021-03-05T09:20:20.000Z
Updated: 2024-08-03T17:45:45.233Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20663 |
vulnerable | 2026-06-03 14:43:42.614964 |
Details available
Cross-site scripting vulnerability in in Role authority setting screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
Published: 2021-03-05T09:20:20.000Z
Updated: 2024-08-03T17:45:45.341Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-5669 |
vulnerable | 2026-06-03 14:42:57.079858 |
Details available
Cross-site scripting vulnerability in Movable Type Movable Type Premium 1.37 and earlier and Movable Type Premium Advanced 1.37 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
Published: 2021-10-26T10:10:10.000Z
Updated: 2024-08-04T08:39:25.679Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-5577 |
vulnerable | 2026-06-03 14:42:56.742112 |
Details available
Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allow remote authenticated attackers to upload arbitrary files and execute a php script via unspecified vectors.
Published: 2020-05-14T01:00:22.000Z
Updated: 2024-08-04T08:30:24.546Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-5576 |
vulnerable | 2026-06-03 14:42:56.741689 |
Details available
Cross-site request forgery (CSRF) vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Published: 2020-05-14T01:00:22.000Z
Updated: 2024-08-04T08:30:24.817Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-5575 |
vulnerable | 2026-06-03 14:42:56.741248 |
Details available
Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
Published: 2020-05-14T01:00:21.000Z
Updated: 2024-08-04T08:30:24.605Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-5574 |
vulnerable | 2026-06-03 14:42:56.738297 |
Details available
HTML attribute value injection vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary HTML attribute value via unspecified vectors.
Published: 2020-05-14T01:00:21.000Z
Updated: 2024-08-04T08:30:24.552Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.