CVE-2023-45746
CVE-2023-45746
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.4EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
30 Oct 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Cross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to inject an arbitrary script. Affected products/versions are as follows: Movable Type 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Premium 1.58 and earlier, Movable Type Premium Advanced 1.58 and earlier, Movable Type Cloud Edition (Version 7) r.5405 and earlier, and Movable Type Premium Cloud Edition 1.58 and earlier.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected products
Six Apart Ltd. · Movable Type 7 (Movable Type 7 Series)Six Apart Ltd. · Movable Type Advanced 7 (Movable Type 7 Series)Six Apart Ltd. · Movable Type Cloud Edition (Version 7)Six Apart Ltd. · Movable Type PremiumSix Apart Ltd. · Movable Type Premium AdvancedSix Apart Ltd. · Movable Type Premium Cloud EditionWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →