Unrated severityNVD Advisory· Published Jun 16, 2003· Updated Jun 16, 2026
CVE-2003-0287
CVE-2003-0287
Description
Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, and possibly other versions including 2.63, allows remote attackers to insert arbitrary web script or HTML via the Name textbox, possibly when the "Allow HTML in comments?" option is enabled.
Affected products
3cpe:2.3:a:six_apart:movable_type:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:six_apart:movable_type:*:*:*:*:*:*:*:*range: <=2.6
- cpe:2.3:a:six_apart:movable_type:2.63:*:*:*:*:*:*:*
- Range: <=2.63
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.