Vulnerabilities in Six Apart Ltd.
36 resultsCVE-2022-45122MEDIUMCross-site scripting vulnerability in Movable Type Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301EPSS 0.5%CVE-2026-25776CRITICALMovable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl scriptEPSS 0.5%CVE-2023-45746MEDIUMCross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to inject an arbitrary script. Affected proEPSS 0.4%CVE-2026-33088MEDIUMMovable Type provided by Six Apart Ltd. contains an SQL Injection vulnerability which may allow an attacker to execute an arbitrary SQL statEPSS 0.3%CVE-2026-44392MEDIUMMissing authorization vulnerability exists in Movable Type. Under certain conditions, when a user without administrator privileges signs in EPSS 0.2%CVE-2025-25054MEDIUMMovable Type contains a reflected cross-site scripting vulnerability in the user information edit page. When Multi-Factor authentication pluEPSS 0.2%CVE-2026-24447MEDIUMIf a malformed data is input to the affected product, a CSV file downloaded from the affected product may contain such malformed data. When EPSS 0.2%CVE-2025-62499MEDIUMMovable Type contains a stored cross-site scripting vulnerability in Edit CategorySet of ContentType page. If crafted input is stored by an EPSS 0.2%CVE-2025-54856MEDIUMMovable Type contains a stored cross-site scripting vulnerability in Edit ContentData page. If crafted input is stored by an attacker with "EPSS 0.2%CVE-2026-21393MEDIUMMovable Type contains a stored cross-site scripting vulnerability in Edit Comment. If crafted input is stored by an attacker, arbitrary scriEPSS 0.2%CVE-2025-24841MEDIUMMovable Type contains a stored cross-site scripting vulnerability in the HTML edit mode of MT Block Editor. It is exploitable when TinyMCE6 EPSS 0.2%CVE-2026-22875MEDIUMMovable Type contains a stored cross-site scripting vulnerability in Export Sites. If crafted input is stored by an attacker, arbitrary scriEPSS 0.2%CVE-2025-22888MEDIUMMovable Type contains a stored cross-site scripting vulnerability in the custom block edit page of MT Block Editor. If exploited, an arbitraEPSS 0.2%CVE-2026-23704MEDIUMA non-administrative user can upload malicious files. When an administrator or the product accesses that file, an arbitrary script may be exEPSS 0.2%CVE-2025-55706MEDIUMURL redirection to untrusted site ('Open Redirect') issue exists in Movable Type. If this vulnerability is exploited, an invalid parameter EPSS 0.2%CVE-2025-53522MEDIUMMovable Type contains an issue with use of less trusted source. If exploited, tampered email to reset a password may be sent by a remote unaEPSS 0.2%