A problem with the Movable Type Comment Form could allow remote users to execute arbitrary code in the context of the web site hosting Movable Type. The problem occurs due to the lack of sanitization performed on encoded character representations of HTML tags. This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the website running the vulnerable software. Other attacks are also possible. It should be noted that all Movable Type versions prior to version 2.6 have been confirmed vulnerable. The vendor has reported that this vulnerability has been addressed in versions higher than 2.6.
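The class of flaw described above, as an added example that is not Movable Type's code: a check that looks only for literal tags passes the same tag written as character references, while a check run on the canonical (fully decoded) form catches it. The function names and sample comments are constructed for illustration, and the example assumes the references are decoded somewhere between the filter and the browser.

```python
import html
import re

# Matches an opening or closing tag such as <b>, </b> or <!-- ... >.
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z!][^>]*>")


def naive_has_markup(comment: str) -> bool:
    """Weak check: inspects the raw input, so only literal tags are seen."""
    return bool(TAG_RE.search(comment))


def canonicalize(text: str, max_rounds: int = 5) -> str:
    """Decode HTML character references until the text stops changing.

    Repeating the decode handles double-encoded input (&amp;lt; -> &lt; -> <).
    Input still changing after max_rounds is rejected instead of guessed at.
    """
    for _ in range(max_rounds):
        decoded = html.unescape(text)
        if decoded == text:
            return text
        text = decoded
    raise ValueError("input nested too deeply in character references")


def has_markup(comment: str) -> bool:
    """Hardened check: looks for tags in the canonical form of the input."""
    return bool(TAG_RE.search(canonicalize(comment)))


def safe_for_html(comment: str) -> str:
    """Output encoding: escape the canonical text for an HTML body context."""
    return html.escape(canonicalize(comment), quote=True)


if __name__ == "__main__":
    # Constructed sample comments; a harmless <b> tag stands in for any markup.
    samples = [
        "Nice post, thanks!",
        "<b>bold</b>",
        "&lt;b&gt;bold&lt;/b&gt;",
        "&#60;b&#62;bold&#60;/b&#62;",
        "&amp;lt;b&amp;gt;bold",
    ]
    for s in samples:
        print(f"{s!r}: naive={naive_has_markup(s)} hardened={has_markup(s)} "
              f"out={safe_for_html(s)!r}")
```

Escaping at output in `safe_for_html` is the control that holds regardless of what the input check decides; the canonical check is useful mainly for logging or rejecting encoded markup at submission time.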