← voltar
CVE-2025-62499

CVE-2025-62499

CVSS 4.6 MEDIUMEPSS 0.2%CWE-79
Movable Type contains a stored cross-site scripting vulnerability in Edit CategorySet of ContentType page. If crafted input is stored by an attacker with "ContentType Management" privilege, an arbitrary script may be executed on the web browser of the user who accesses Edit CategorySet of ContentType page.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Produtos afetados
Six Apart Ltd. · Movable Type Advanced (Software Edition)Six Apart Ltd. · Movable Type (Cloud Edition)Six Apart Ltd. · Movable Type Premium (Advanced Edition) (Software Edition)Six Apart Ltd. · Movable Type Premium (Cloud Edition)Six Apart Ltd. · Movable Type Premium (Software Edition)Six Apart Ltd. · Movable Type (Software Edition)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://jvn.jp/en/jp/JVN24333679/https://movabletype.org/news/2025/10/mt-880-released.htmlhttps://www.sixapart.jp/movabletype/news/2025/10/22-1055.html