← back
CVE-2021-20810

CVE-2021-20810

EPSS 0.9%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.9%KEV nãoPoC Patch
Lifecycle
26 Aug 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Cross-site scripting vulnerability in Website Management screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
Affected products
Six Apart Ltd. · Movable Type

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://jvn.jp/en/jp/JVN97545738/index.htmlhttps://movabletype.org/news/2021/08/mt-780-681-released.html