CVE-2007-0231

{"id": "CVE-2007-0231", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2007-01-13T02:28:00.000", "references": [{"url": "http://golem.ph.utexas.edu/~distler/blog/archives/001102.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/32717", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23669", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/0142", "source": "cve@mitre.org"}, {"url": "http://www.zackvision.com/weblog/2007/01/movabletype-security-bug.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://golem.ph.utexas.edu/~distler/blog/archives/001102.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/32717", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/23669", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/0142", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.zackvision.com/weblog/2007/01/movabletype-security-bug.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, when nofollow is disabled and unmoderated comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Comments field."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Movable Type (MT) 3.33, cuando nofollow est\u00e1 desactivado y comentarios sin moderaci\u00f3n activado, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del campo Comments."}], "lastModified": "2024-11-21T00:25:18.303", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:six_apart:movable_type:3.33:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B584BED2-F630-4A5B-8FE9-29BBE9517214"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}