NuytsTech Security

CVE-2009-2480

by ·

Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type 4.24, and 4.25 when global templates are not initialized, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Date published : 2009-07-16

http://www.securityfocus.com/bid/35471

http://www.movabletype.org/documentation/appendices/release-notes/426.html

Tags: