Unrated severityNVD Advisory· Published Sep 12, 2022· Updated Aug 3, 2024

CVE-2022-38972

Description

Cross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 (for Movable Type 7 Series) and versions prior to 3.9.1 (for Movable Type 6 Series) allows a remote unauthenticated attacker to inject an arbitrary script.

Affected products

Ark Web/A Formv5
Range: versions prior to 4.1.1 (for Movable Type 7 Series) and versions prior to 3.9.1 (for Movable Type 6 Series)

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

jvn.jp/en/jp/JVN48120704/index.htmlmitrex_refsource_MISC
www.ark-web.jp/blog/archives/2022/09/a-series-411-391.htmlmitrex_refsource_MISC
www.ark-web.jp/movabletype/blog/2022/09/a-series-411-391.htmlmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000