GCVE - cpe:2.3:a:six_apart_ltd.:movable_type

Approved changes feed: RSS · Atom

cpe:2.3:a:six_apart_ltd.:movable_type_premium:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Six Apart Ltd. (`ecf3900e-a4ac-502e-b3ed-8ebfefccbb1e`)
Product	Movable Type Premium (`f3d078f3-f3a5-5230-a116-98ea513cade1`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-44392`	vulnerable	2026-06-03 15:25:03.104960	Details available MEDIUM (4.3) Missing authorization vulnerability exists in Movable Type. Under certain conditions, when a user without administrator privileges signs in to the product, unintended update processing may be executed. Published: 2026-05-20T05:28:14.892Z Updated: 2026-05-20T13:04:04.783Z Open on db.gcve.eu Reference links https://movabletype.org/news/2026/05/mt-908-released.html https://www.sixapart.jp/movabletype/news/2026/05/20-1100.html https://jvn.jp/en/jp/JVN66473735/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-33088`	vulnerable	2026-06-03 15:20:44.221984	Details available HIGH (7.3) Movable Type provided by Six Apart Ltd. contains an SQL Injection vulnerability which may allow an attacker to execute an arbitrary SQL statement. Published: 2026-04-08T08:51:45.916Z Updated: 2026-04-08T13:31:08.213Z Open on db.gcve.eu Reference links https://movabletype.org/news/2026/04/mt-907-released.html https://www.sixapart.jp/movabletype/news/2026/04/08-1100.html https://jvn.jp/en/jp/JVN66473735/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-25776`	vulnerable	2026-06-03 15:18:04.042485	Details available CRITICAL (9.8) Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script. Published: 2026-04-08T08:52:15.469Z Updated: 2026-04-08T13:22:04.832Z Open on db.gcve.eu Reference links https://movabletype.org/news/2026/04/mt-907-released.html https://www.sixapart.jp/movabletype/news/2026/04/08-1100.html https://jvn.jp/en/jp/JVN66473735/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-45746`	vulnerable	2026-06-03 14:53:08.480985	Details available Cross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to inject an arbitrary script. Affected products/versions are as follows: Movable Type 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Premium 1.58 and earlier, Movable Type Premium Advanced 1.58 and earlier, Movable Type Cloud Edition (Version 7) r.5405 and earlier, and Movable Type Premium Cloud Edition 1.58 and earlier. Published: 2023-10-30T04:57:43.561Z Updated: 2024-10-29T18:23:10.383Z Open on db.gcve.eu Reference links https://movabletype.org/news/2023/10/mt-79020-released.html https://jvn.jp/en/jp/JVN39139884/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Movable Type Premium

PURL mappings

Vulnerability references

Contribute