CVE-2025-54856
Description
Movable Type contains a stored cross-site scripting vulnerability in the Edit ContentData page. If crafted input is stored by an attacker with the "ContentType Management" privilege, an arbitrary script may be executed in the web browser of a user who accesses the Edit ContentData page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Movable Type contains a stored XSS vulnerability in the Edit ContentData page, allowing attackers with ContentType Management privilege to execute arbitrary scripts.
Vulnerability Description
Movable Type's Edit ContentData page suffers from a stored cross-site scripting (XSS) vulnerability due to insufficient input sanitization. An attacker with the "ContentType Management" privilege can store crafted input that, when later accessed by a user, executes arbitrary scripts in the user's browser [1][2].
Exploitation Conditions
To exploit this vulnerability, an attacker must have the "ContentType Management" privilege within Movable Type. They can then inject malicious code into the ContentData fields. When a privileged user (such as an administrator or other authorized user) views the Edit ContentData page, the injected script executes in their browser session [2]. The attack requires user interaction as the victim must access the malicious page.
Impact
Successful exploitation allows the attacker to execute arbitrary JavaScript in the victim's browser within the context of the Movable Type application. This can lead to session hijacking, defacement, or theft of sensitive data displayed on the page. The CVSS v3 base score is 4.8 (Medium), reflecting the need for high privileges and user interaction [1][2].
Mitigation
The vendor has released security updates to address this vulnerability. Affected versions include Movable Type 8.4.0 through 8.4.3, 8.0.0 through 8.0.7, and 7 r.5509 and earlier, as well as corresponding Premium versions. Users should upgrade to Movable Type 8.8.0, 8.4.4, 8.0.8, or 7 r.5510 (v7.906.5) or later [1][3]. For Movable Type Cloud, updates are available as per vendor guidance [2].
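To triage an inventory against the ranges in the paragraph above, the following added example (not vendor or page code) classifies a version string as affected, fixed, or unknown. It assumes versions are written in the page's own notation ("8.4.3", "7 r.5509"); the function names and the sample inventory are constructed for illustration.

```python
import re

# Ranges copied from the Mitigation paragraph above.
# (major, minor) -> first fixed patch level on that branch
FIRST_FIXED_PATCH = {(8, 4): 4, (8, 0): 8}   # 8.4.4 and 8.0.8
FIRST_FIXED_MAINLINE = (8, 8, 0)             # "8.8.0 ... or later"
MT7_FIRST_FIXED_REVISION = 5510              # "7 r.5510"


def classify(version: str) -> str:
    """Return 'affected', 'fixed' or 'unknown' for one version string."""
    v = version.strip()
    # Movable Type 7 is identified by revision, e.g. "7 r.5509".
    m = re.fullmatch(r"7\s*r\.?\s*(\d+)", v, re.IGNORECASE)
    if m:
        rev = int(m.group(1))
        return "fixed" if rev >= MT7_FIRST_FIXED_REVISION else "affected"
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", v)
    if not m:
        return "unknown"          # unparseable: check by hand
    major, minor, patch = map(int, m.groups())
    if (major, minor, patch) >= FIRST_FIXED_MAINLINE:
        return "fixed"
    first_fixed = FIRST_FIXED_PATCH.get((major, minor))
    if first_fixed is None:
        return "unknown"          # branch not listed on this page
    return "fixed" if patch >= first_fixed else "affected"


def needs_attention(inventory: dict) -> list:
    """Hosts whose version is affected or cannot be classified."""
    return sorted(h for h, v in inventory.items() if classify(v) != "fixed")


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "cms-a": "8.4.3",
    "cms-b": "8.4.4",
    "cms-c": "7 r.5509",
    "cms-d": "8.2.1",
    "cms-e": "8.8.0",
}

if __name__ == "__main__":
    for host in needs_attention(SAMPLE):
        print(host, SAMPLE[host], classify(SAMPLE[host]))
```

Versions on branches the page does not list come back as "unknown" rather than being guessed, so they surface for manual review against the vendor advisory.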
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
References (3)
News mentions (0)
No linked articles in our index yet.