Medium severity6.5NVD Advisory· Published Feb 4, 2026· Updated Apr 15, 2026
CVE-2026-23704
CVE-2026-23704
Description
A non-administrative user can upload malicious files. When an administrator or the product accesses that file, an arbitrary script may be executed on the administrator's browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life (EOL), are affected by the vulnerability as well.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <= 8.4.x (EOL) and <= 7.x (EOL)
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.