Movable Type Premium (Cloud Edition)
Approved changes feed: RSS · Atom
cpe:2.3:a:six_apart_ltd.:movable_type_premium_(cloud_edition):*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Six Apart Ltd. (ecf3900e-a4ac-502e-b3ed-8ebfefccbb1e) |
|---|---|
| Product | Movable Type Premium (Cloud Edition) (93f237da-fd95-553f-818f-f52a04efa430) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-24447 |
vulnerable | 2026-06-03 15:16:52.485525 |
Details available
MEDIUM (6.5)
If a malformed data is input to the affected product, a CSV file downloaded from the affected product may contain such malformed data. When a victim user download and open such a CSV file, the embedded code may be executed in the user's environment. Note that Movable Type 7 series and 8.4 series, which are End-of-Life (EOL), are affected by the vulnerability as well.
Published: 2026-02-04T07:04:04.422Z
Updated: 2026-02-04T15:55:26.690Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-23704 |
vulnerable | 2026-06-03 15:16:50.471343 |
Details available
MEDIUM (6.5)
A non-administrative user can upload malicious files. When an administrator or the product accesses that file, an arbitrary script may be executed on the administrator's browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life (EOL), are affected by the vulnerability as well.
Published: 2026-02-04T07:03:37.889Z
Updated: 2026-02-04T16:07:28.812Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-22875 |
vulnerable | 2026-06-03 15:15:54.300220 |
Details available
MEDIUM (5.4)
Movable Type contains a stored cross-site scripting vulnerability in Export Sites. If crafted input is stored by an attacker, arbitrary script may be executed on a logged-in user's web browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life (EOL), are affected by the vulnerability as well.
Published: 2026-02-04T07:03:01.475Z
Updated: 2026-02-04T16:08:00.768Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-21393 |
vulnerable | 2026-06-03 15:15:50.951300 |
Details available
MEDIUM (5.4)
Movable Type contains a stored cross-site scripting vulnerability in Edit Comment. If crafted input is stored by an attacker, arbitrary script may be executed on a logged-in user's web browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life (EOL), are affected by the vulnerability as well.
Published: 2026-02-04T07:02:50.465Z
Updated: 2026-02-04T16:08:26.340Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-62499 |
vulnerable | 2026-06-03 15:07:58.945467 |
Details available
MEDIUM (4.8)
Movable Type contains a stored cross-site scripting vulnerability in Edit CategorySet of ContentType page. If crafted input is stored by an attacker with "ContentType Management" privilege, an arbitrary script may be executed on the web browser of the user who accesses Edit CategorySet of ContentType page.
Published: 2025-10-23T04:10:41.403Z
Updated: 2025-10-23T15:13:25.011Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-54856 |
vulnerable | 2026-06-03 15:04:57.001068 |
Details available
MEDIUM (4.8)
Movable Type contains a stored cross-site scripting vulnerability in Edit ContentData page. If crafted input is stored by an attacker with "ContentType Management" privilege, an arbitrary script may be executed on the web browser of the user who accesses Edit ContentData page.
Published: 2025-10-23T04:10:30.545Z
Updated: 2025-10-23T15:18:25.113Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.