CVE-2014-5313

NameCVE-2014-5313
DescriptionCross-site scripting (XSS) vulnerability in the management page in Six Apart Movable Type before 5.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitylow (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
movabletype-opensource (PTS)wheezy5.1.4+dfsg-4+deb7u3vulnerable
wheezy (security)5.1.4+dfsg-4+deb7u4vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
movabletype-opensourcesource(unstable)(unfixed)low
movabletype-opensourcesourcewheezy(unfixed)end-of-life

Notes

[wheezy] - movabletype-opensource <end-of-life> (Not supported in Wheezy)

Search for package or bug name: Reporting problems