Unrated severityNVD Advisory· Published Mar 5, 2021· Updated Aug 3, 2024
CVE-2021-20664
CVE-2021-20664
Description
Cross-site scripting vulnerability in in Asset registration screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <= r.4705
- Range: <= 7 r.4705
- Six Apart Ltd./Movable Typev5Range: Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier
Patches
Vulnerability mechanics
References
2- jvn.jp/en/jp/JVN66542874/index.htmlmitrex_refsource_MISC
- movabletype.org/news/2021/02/mt-760-676-released.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.