← volver
CVE-2025-54856

CVE-2025-54856

CVSS 4.6 MEDIUMEPSS 0.2%CWE-79
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 4.6EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
23 oct 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Movable Type contains a stored cross-site scripting vulnerability in Edit ContentData page. If crafted input is stored by an attacker with "ContentType Management" privilege, an arbitrary script may be executed on the web browser of the user who accesses Edit ContentData page.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Productos afectados
Six Apart Ltd. · Movable Type Advanced (Software Edition)Six Apart Ltd. · Movable Type (Cloud Edition)Six Apart Ltd. · Movable Type Premium (Advanced Edition) (Software Edition)Six Apart Ltd. · Movable Type Premium (Cloud Edition)Six Apart Ltd. · Movable Type Premium (Software Edition)Six Apart Ltd. · Movable Type (Software Edition)

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://jvn.jp/en/jp/JVN24333679/https://movabletype.org/news/2025/10/mt-880-released.htmlhttps://www.sixapart.jp/movabletype/news/2025/10/22-1055.html