CVE-2020-5575
Description
Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Movable Type versions prior to 7.3.0, 6.6.0, and 6.3.12 are vulnerable to stored XSS via multiple query strings, allowing arbitrary script execution.
Vulnerability
Cross-site scripting (XSS) vulnerability in Movable Type due to improper handling of multiple query strings (CWE-79) [1]. Affected versions: Movable Type 7 r.4606 (7.2.1) and earlier, Movable Type Advanced 7 r.4606 (7.2.1) and earlier, Movable Type for AWS 7 r.4606 (7.2.1) and earlier, Movable Type 6.5.3 and earlier, Movable Type Advanced 6.5.3 and earlier, Movable Type 6.3.11 and earlier, Movable Type Advanced 6.3.11 and earlier, Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier [1][2].
Exploitation
An unauthenticated attacker can exploit this flaw by crafting a URL with malicious multiple query strings and luring a user to click it (user interaction required) [1]. No special network position or authentication is needed. The attacker injects arbitrary script or HTML that executes in the victim's browser within the context of the Movable Type site.
Impact
Successful exploitation allows the attacker to execute arbitrary script in the victim's browser, leading to potential information disclosure (e.g., session cookies) and integrity compromise (e.g., performing actions on behalf of the user). The CVSS v3 base score is 6.1 (Medium), with impact on confidentiality (Low), integrity (Low), and scope changed [1].
Mitigation
Upgrade to the latest fixed versions: Movable Type 7 r.4607 (v7.3.0), Movable Type 6.6.0, or Movable Type 6.3.12, released on 2020-05-14 [2]. No workaround is available; updating is the recommended action.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Range: <=7.2.1
- Range: <=1.29
- Six Apart Ltd./Movable Typev5Range: Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- jvn.jp/en/jp/JVN28806943/index.htmlmitrex_refsource_MISC
- movabletype.org/news/2020/05/mt-730-660-6312-released.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.